How to hide userid/password in db connection string from source?


Solution 1

You should keep the connection strings in the web.config file and then encrypt the web.config file so that the passwords are safe. You can find help on how to encrypt the web.config file here: http://msdn.microsoft.com/en-us/library/dtkwfdky(v=vs.100).aspx

Solution 2

If using MS SQL you can use integrated auth and simply not have user name and password in the connection string:

Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;

(sample copied from http://www.connectionstrings.com/sql-server-2008)

Solution 3

I'm guessing you are putting the connection string in the source code. If you are, the first thing you should do is move it to the app.config / web.config file.

http://msdn.microsoft.com/en-us/library/ms254494(VS.80).aspx

If you are already using the app.config or web.config file, can you give more details?

Solution 4

A way to not store the password in the source is to make it a part of the server environment (read from a file, store it into an environment variable, etc.)

Solution 5

Encrypt the connection string; more details can be found here: "Encrypting Configuration Information Using Protected Configuration" and "Securing Connection Strings"
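
Added example (not from any of the answers above): the encryption that Solutions 1 and 5 point to, done from code with the .NET Framework protected-configuration API. It assumes a .NET Framework console application on Windows whose app.config has a connection string entry named MainDb (a hypothetical name).

```csharp
using System;
using System.Configuration;   // add a reference to System.Configuration.dll
using System.Data.SqlClient;

static class ProtectConnectionStrings
{
    // Built-in DPAPI provider; the ciphertext is bound to this machine.
    const string Provider = "DataProtectionConfigurationProvider";
    const string EntryName = "MainDb"; // hypothetical entry name (assumption)

    static void Main()
    {
        // Opens <app>.exe.config. In ASP.NET, open web.config with
        // WebConfigurationManager.OpenWebConfiguration("~") instead.
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section == null)
            throw new ConfigurationErrorsException("connectionStrings section not found");

        // Encrypt once; later runs find the section already protected.
        if (!section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection(Provider);
            section.SectionInformation.ForceSave = true;
            config.Save(ConfigurationSaveMode.Modified);
        }

        // Reading is unchanged: the runtime decrypts the section transparently.
        ConfigurationManager.RefreshSection("connectionStrings");
        ConnectionStringSettings entry =
            ConfigurationManager.ConnectionStrings[EntryName];
        if (entry == null)
            throw new ConfigurationErrorsException("missing entry: " + EntryName);

        // Never log the raw string; mask the password before printing.
        var builder = new SqlConnectionStringBuilder(entry.ConnectionString);
        if (!string.IsNullOrEmpty(builder.Password))
            builder.Password = "***";
        Console.WriteLine(builder.ConnectionString);
    }
}
```

After the first run the `<connectionStrings>` element on disk holds an `<EncryptedData>` block instead of the plaintext string. Code running inside the application still receives the decrypted value, so this protects the file at rest, not the password from someone who can debug the process.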

Author by

Meysam Savameri

Updated on June 27, 2022

Comments

  • Meysam Savameri almost 2 years
    Is it possible to hide the user id and password from source when the developer can trace the source?
    Sorry for my bad English.
  • Meysam Savameri over 11 years
    Environment variable? How to?
  • MaxVT over 11 years
    By Googling "vb.net environment variable", I found this: msdn.microsoft.com/en-us/library/77zkk0b6.aspx
  • Meysam Savameri over 11 years
    But by tracing the source I can see the password.
  • Tim Schmelter over 11 years
    Just to clarify: the web.config is as safe as the server itself.