Solved

Connection string security\best practices

Posted on 2011-09-21
Last Modified: 2012-05-12
Experts -

writing a win forms vb.net VS 2010 app, i read & write to a mySQL db over the Web. my boss suggests i store my connection string remotely (across the web, on our db server), but this idea kinda perplexes me. he's afraid any hack of my app will expose our data.

anyways, what's the best way to do this?

also, wouldn't it be just as sensible to store the connect string in some sort of ini\settings file locally, and just encrypt it?

advice & methods welcome...

TIA...

c.
0
Question by:crafuse
6 Comments
 
LVL 9

Expert Comment

by:sachinpatil10d
I think encrypt and store the connection string in app.config is a better option.
0
 

Author Comment

by:crafuse
sachinpatil10d - why? and any links to ways to do this?

thnx.
0
 
LVL 9

Expert Comment

by:sachinpatil10d
The main benefit of using the app.config is that it is the default, supported way for a .NET app to store its config. The .NET framework has support for using, writing, creating, modifying the app.config file, but if you go with your own scheme, you'll have to do extra coding.

This can be helpful for encryption
http://weblogs.asp.net/jgalloway/archive/2008/04/13/encrypting-passwords-in-a-net-app-config-file.aspx
0
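The app.config encryption suggested in the comment above, as an added example that is not code from the thread or from the linked article: it uses the .NET Framework's built-in protected-configuration support to encrypt the `connectionStrings` section in place and read it back. The entry name `AppDb`, the server name and the account in the sample config comment are placeholders constructed for this example.

```vbnet
' Requires a project reference to System.Configuration.dll.
Imports System.Configuration

Module ConnectionStringProtection

    ' Hypothetical entry name; app.config is assumed to contain, before first run:
    '   <connectionStrings>
    '     <add name="AppDb" connectionString="Server=db.example.invalid;Database=app;Uid=app_rw;Pwd=PLACEHOLDER;" />
    '   </connectionStrings>
    Private Const EntryName As String = "AppDb"

    ' Encrypts <connectionStrings> in <app>.exe.config in place if it is still
    ' plaintext. Returns True when the section is protected on exit.
    Public Function ProtectConnectionStrings() As Boolean
        Dim config As Configuration =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
        Dim section As ConfigurationSection = config.GetSection("connectionStrings")
        If section Is Nothing Then Return False

        Dim info As SectionInformation = section.SectionInformation
        If info.IsProtected Then Return True
        If info.IsLocked Then Return False

        Try
            ' DPAPI-backed provider that ships with the .NET Framework.
            info.ProtectSection("DataProtectionConfigurationProvider")
            info.ForceSave = True
            config.Save(ConfigurationSaveMode.Modified)
            ConfigurationManager.RefreshSection("connectionStrings")
            Return True
        Catch ex As ConfigurationErrorsException
            ' Typically: no write access to the install directory. Run this
            ' step from the installer or an elevated first run instead.
            Return False
        End Try
    End Function

    ' Decryption is transparent: the framework unprotects the section on read.
    Public Function GetConnectionString() As String
        Dim entry As ConnectionStringSettings =
            ConfigurationManager.ConnectionStrings(EntryName)
        If entry Is Nothing Then
            Throw New ConfigurationErrorsException(
                "Missing connection string '" & EntryName & "'.")
        End If
        Return entry.ConnectionString
    End Function

End Module
```

The provider uses machine-level DPAPI keys by default, so this keeps the credentials out of a copied config file or backup but not away from a user or process on the same machine. Give the MySQL account in the connection string only the privileges the app needs.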
 
LVL 83

Expert Comment

by:CodeCruiser
The app.config is usually fine, but if you have the app installed on many computers, changing the connection string would be a pain, and a connection string stored in a central location would be much easier. You can still apply the encryption concept though. BUT, the MySQL connection object would send the plain connection string over the wire to the MySQL server anyway, so there is not much benefit in my opinion. You have another question related to this product where you mention ASP.NET, and I think web would be more appropriate depending on your requirements.
0
 
LVL 69

Accepted Solution

by:
Éric Moreau earned 500 total points
0
 

Author Closing Comment

by:crafuse
i found yer work yesterday, tried to post a thanks on yer blog but it kept telling me that the security numbers\letters thingie was more than 45 seconds old, or something like that.

anyways, that was precisely what i was looking for.

thanks!
0
