Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Connection string security\best practices

Posted on 2011-09-21
6
Medium Priority
?
264 Views
Last Modified: 2012-05-12
Experts -

writing a win forms vb.net VS 2010 app, i read & write to a mySQL db over the Web. my boss suggests i store my connection string remotely (across the web, on our db server), but this idea kinda perplexes me. he's afraid any hack of my app will expose our data.

anyways, what's the best way to do this?

also, wouldn't it be just as sensible to store the connect string in some sort of ini\settings file locally, and just encrypt it?

advice & methods welcome...

TIA...

c.
0
Comment
Question by:crafuse
6 Comments
 
LVL 9

Expert Comment

by:sachinpatil10d
ID: 36578273
I think encrypt and store the connection string in app.config is a better option.
0
 

Author Comment

by:crafuse
ID: 36578280
sachinpatil10d - why? and any links to ways to do this?

thnx.
0
 
LVL 9

Expert Comment

by:sachinpatil10d
ID: 36578307
The main benefit of using the app.config is that it is the default, supported way for a .NET app to store its config, The .NET framework has support for using, writing, creating, modifying the app.config file but if you go with your own scheme, you'll have to do a extra coding.

This can be helpful for encryption
http://weblogs.asp.net/jgalloway/archive/2008/04/13/encrypting-passwords-in-a-net-app-config-file.aspx
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 83

Expert Comment

by:CodeCruiser
ID: 36582245
The app.config is usually fine but you have the app installed on many computers, changing the connection string would be a pain and connection string stored in a central location would be much easier. You can still apply the encryption concept though. BUT, MySQL connection object would send the plain connection string over the wire to mysql server anyway so there is not much benefit in my opinion. You have another question related to this product where you mention ASP.NET and I think web would be more appropriate depending on your requirements.
0
 
LVL 70

Accepted Solution

by:
Éric Moreau earned 2000 total points
ID: 36600283
0
 

Author Closing Comment

by:crafuse
ID: 36666391
i found yer work yesterday, tried to post a thanks on yer blog but it kept telling me that the security numbers\letters thingie was more than 45 seconds old, or something like that.

andyways, that was precisely what i was looking for.

thanks!
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Well, all of us have seen the multiple EXCEL.EXE's in task manager that won't die even if you call the .close, .dispose methods. Try this method to kill any excels in memory. You can copy the kill function to create a check function and replace the …
If you need to start windows update installation remotely or as a scheduled task you will find this very helpful.
This video shows how to quickly and easily deploy an email signature for all users in Office 365 and prevent it from being added to replies and forwards. (the resulting signature is applied on the server level in Exchange Online) The email signat…
Please read the paragraph below before following the instructions in the video — there are important caveats in the paragraph that I did not mention in the video. If your PaperPort 12 or PaperPort 14 is failing to start, or crashing, or hanging, …
Suggested Courses

916 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question