How to securen a Connection String?

Raghav posted on Monday, February 23, 2009

Dear friends, I am using VS 2008 (VB.NET) and CSLA.NET 3.6, at runtime i am changing my connection string and its working fine. My connection string is storing in app.config file so anybody can open and see my connection string. so I would like to secure my connection string which contains user name and password of SQL Server. Could anyone help me out!!! Thanks Raghav

JonnyBee replied on Monday, February 23, 2009

Hi,

Use the DPAPI (Data Protection API) as described in these 2 articles:
http://www.ondotnet.com/pub/a/dotnet/2005/02/15/encryptingconnstring.html
http://www.codeproject.com/KB/cs/Configuration_File.aspx

/jonnybee

Curelom replied on Monday, February 23, 2009

The one problem with these solutions is that if you have a savy enough user, they might parse through your executable before it is installed and be able to decipher the connection string before it has been encrypted. I think perhaps the best solution is to use remote objects using WCF services/web services. This way the connection string is contained on the server. The user would never even know what database they are hitting. The data portal technology in CSLA makes this a fairly simple task.