Solved

Connection string security\best practices

Posted on 2011-09-21
6
256 Views
Last Modified: 2012-05-12
Experts -

writing a win forms vb.net VS 2010 app, i read & write to a mySQL db over the Web. my boss suggests i store my connection string remotely (across the web, on our db server), but this idea kinda perplexes me. he's afraid any hack of my app will expose our data.

anyways, what's the best way to do this?

also, wouldn't it be just as sensible to store the connect string in some sort of ini\settings file locally, and just encrypt it?

advice & methods welcome...

TIA...

c.
0
Comment
Question by:crafuse
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
6 Comments
 
LVL 9

Expert Comment

by:sachinpatil10d
ID: 36578273
I think encrypt and store the connection string in app.config is a better option.
0
 

Author Comment

by:crafuse
ID: 36578280
sachinpatil10d - why? and any links to ways to do this?

thnx.
0
 
LVL 9

Expert Comment

by:sachinpatil10d
ID: 36578307
The main benefit of using the app.config is that it is the default, supported way for a .NET app to store its config, The .NET framework has support for using, writing, creating, modifying the app.config file but if you go with your own scheme, you'll have to do a extra coding.

This can be helpful for encryption
http://weblogs.asp.net/jgalloway/archive/2008/04/13/encrypting-passwords-in-a-net-app-config-file.aspx
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 83

Expert Comment

by:CodeCruiser
ID: 36582245
The app.config is usually fine but you have the app installed on many computers, changing the connection string would be a pain and connection string stored in a central location would be much easier. You can still apply the encryption concept though. BUT, MySQL connection object would send the plain connection string over the wire to mysql server anyway so there is not much benefit in my opinion. You have another question related to this product where you mention ASP.NET and I think web would be more appropriate depending on your requirements.
0
 
LVL 70

Accepted Solution

by:
Éric Moreau earned 500 total points
ID: 36600283
0
 

Author Closing Comment

by:crafuse
ID: 36666391
i found yer work yesterday, tried to post a thanks on yer blog but it kept telling me that the security numbers\letters thingie was more than 45 seconds old, or something like that.

andyways, that was precisely what i was looking for.

thanks!
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Introduction As chip makers focus on adding processor cores over increasing clock speed, developers need to utilize the features of modern CPUs.  One of the ways we can do this is by implementing parallel algorithms in our software.   One recent…
Microsoft Reports are based on a report definition, which is an XML file that describes data and layout for the report, with a different extension. You can create a client-side report definition language (*.rdlc) file with Visual Studio, and build g…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

738 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question