We help IT Professionals succeed at work.

VB.NET Retrieving and Storing Database Credentials

I have an application I'm working on that connects to an SQL Server Express 2013 Database.  Currently, I have hard coded the connection string into a settings module.  This works, but it has draw backs.

1. If a user wants to take this program and connect to a different database, it needs to be recompiled for them.
2. I don't know how secure it is.
3. If the password on the database changes, we have to recompile...

And so on.

The first time a user uses the program, I could prompt for a connection string, username and password.  But where would/should I store that - and what would be the most secure method.  

I'm assuming there are several different ways to answer this question, and from my research it seems that no way is really fool proof.  So, any suggestions would be appreciated!

Thank you for your help!!!
Comment
Watch Question

Commented:
I store the credentials in the registry, still not the most secure, but it gets by. Then all you need to do is have a .reg file with the changes that will update the registry.
Top Expert 2015
Commented:
You can use the configuration mechanism in .NET (https://msdn.microsoft.com/en-us/library/vstudio/a65txexh%28v=vs.120%29.aspx), in combination with encrypting (https://msdn.microsoft.com/en-us/library/zhhddkxy%28v=vs.140%29.aspx).

Because the configuration is stored in files external to the application, you do not have to recompile. And the way the mechanism is built, a User configuration setting is automatically stored individually for each user on a given computer, so two users could have a personal ConnectionString from the same installation of the application.

When there are changes, you can simply distribute a new configuration file and copy it in the application directory, or have a form that requests the necessary informations from the user and creates a new ConnectionString on the fly.
Vitor MontalvãoIT Engineer
Distinguished Expert 2017

Commented:
slightlyoff, you still have the issue or it's already solved?

Author

Commented:
I need to look at this in more detail - but I haven't been able to revisit it since I posted.
Sorry for the delay.

Thanks for the suggestions, I am going to explore along those routes.

I appreciate your time and help!!!