Solved

Connection string security\best practices

Posted on 2011-09-21
6
254 Views
Last Modified: 2012-05-12
Experts -

writing a win forms vb.net VS 2010 app, i read & write to a mySQL db over the Web. my boss suggests i store my connection string remotely (across the web, on our db server), but this idea kinda perplexes me. he's afraid any hack of my app will expose our data.

anyways, what's the best way to do this?

also, wouldn't it be just as sensible to store the connect string in some sort of ini\settings file locally, and just encrypt it?

advice & methods welcome...

TIA...

c.
0
Comment
Question by:crafuse
6 Comments
 
LVL 9

Expert Comment

by:sachinpatil10d
ID: 36578273
I think encrypt and store the connection string in app.config is a better option.
0
 

Author Comment

by:crafuse
ID: 36578280
sachinpatil10d - why? and any links to ways to do this?

thnx.
0
 
LVL 9

Expert Comment

by:sachinpatil10d
ID: 36578307
The main benefit of using the app.config is that it is the default, supported way for a .NET app to store its config, The .NET framework has support for using, writing, creating, modifying the app.config file but if you go with your own scheme, you'll have to do a extra coding.

This can be helpful for encryption
http://weblogs.asp.net/jgalloway/archive/2008/04/13/encrypting-passwords-in-a-net-app-config-file.aspx
0
Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

 
LVL 83

Expert Comment

by:CodeCruiser
ID: 36582245
The app.config is usually fine but you have the app installed on many computers, changing the connection string would be a pain and connection string stored in a central location would be much easier. You can still apply the encryption concept though. BUT, MySQL connection object would send the plain connection string over the wire to mysql server anyway so there is not much benefit in my opinion. You have another question related to this product where you mention ASP.NET and I think web would be more appropriate depending on your requirements.
0
 
LVL 70

Accepted Solution

by:
Éric Moreau earned 500 total points
ID: 36600283
0
 

Author Closing Comment

by:crafuse
ID: 36666391
i found yer work yesterday, tried to post a thanks on yer blog but it kept telling me that the security numbers\letters thingie was more than 45 seconds old, or something like that.

andyways, that was precisely what i was looking for.

thanks!
0

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

A while ago, I was working on a Windows Forms application and I needed a special label control with reflection (glass) effect to show some titles in a stylish way. I've always enjoyed working with graphics, but it's never too clever to re-invent …
It was really hard time for me to get the understanding of Delegates in C#. I went through many websites and articles but I found them very clumsy. After going through those sites, I noted down the points in a easy way so here I am sharing that unde…
This tutorial gives a high-level tour of the interface of Marketo (a marketing automation tool to help businesses track and engage prospective customers and drive them to purchase). You will see the main areas including Marketing Activities, Design …
This video shows how to quickly and easily add an email signature for all users on Exchange 2016. The resulting signature is applied on a server level by Exchange Online. The email signature template has been downloaded from: www.mail-signatures…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question