Encrypt SQL connection string in C#

I created a C# application (not an ASP web page) which connects to a SQL 2005 server. In my source code the password and user ID for this SQL server are coded in plain text in the ConnectionString.

SqlConnection con = new SqlConnection();
con.ConnectionString = 
         "Data Source=server1;"+
         "Initial Catalog=mydatabase;"+
         "Integrated Security=no;"+
         "User ID=admin;Password=mypassword;";
con.Open();

Is there an easy way to encrypt the password or the whole connection string, so that other people who disassemble my tool are not able to see the password?

Thanks


Solution 1:

You should store your connection string in a config file and encrypt that section. See http://www.4guysfromrolla.com/articles/021506-1.aspx or http://msdn.microsoft.com/en-us/library/89211k9b%28VS.80%29.aspx.

Solution 2:

There are two ways of doing it:

  1. You can use Configuration Secure Section to encrypt and decrypt the connection string from your source code:
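// Requires: using System; using System.Configuration;
// exeConfigName must be supplied by the caller: the path of the
// executable whose .config file is opened.
try
{
    // Open the configuration file and retrieve 
    // the connectionStrings section.
    Configuration config = ConfigurationManager.OpenExeConfiguration(exeConfigName);
    
    ConnectionStringsSection section = config.GetSection("connectionStrings") as ConnectionStringsSection;
    if (section == null)
    {
        // Fail with a clear message instead of a NullReferenceException.
        throw new ConfigurationErrorsException("connectionStrings section not found.");
    }
    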
    if (section.SectionInformation.IsProtected)
    {
        // Remove encryption.
        section.SectionInformation.UnprotectSection();
    }
    else
    {
        // Encrypt the section.
        section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
    }
    // Save the current configuration.
    config.Save();
    
    Console.WriteLine("Protected={0}",
    section.SectionInformation.IsProtected);
}
catch (Exception ex)
{
    Console.WriteLine(ex.Message);
}
  2. You can use the Enterprise Library Data Access Application Block to perform the encryption using RSAProtectedConfigurationProvider or DPAPIProtectedConfigurationProvider.

For the full article go to --> http://msdn.microsoft.com/en-us/library/89211k9b(VS.80).aspx
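
The following is an added example, not part of the original answer: it protects the section once (instead of toggling it) and then reads the connection string through ConfigurationManager, so no credential appears in the source. The entry name "MainDb", the login "app_login" and the placeholder password are assumptions. The DPAPI provider only stops the config file from being read on another machine; a user who can run the tool on that machine can still recover the string.

```csharp
// Added example. Assumes App.config holds a hypothetical entry named "MainDb":
//   <connectionStrings>
//     <add name="MainDb" connectionString="Data Source=server1;Initial Catalog=mydatabase;User ID=app_login;Password=PLACEHOLDER;" />
//   </connectionStrings>
using System;
using System.Configuration;
using System.Data.SqlClient;

static class Program
{
    const string ConnectionName = "MainDb"; // hypothetical entry name

    // Encrypt the connectionStrings section on first run; a no-op afterwards.
    // The process needs write access to the application's .exe.config file.
    static void EnsureProtected()
    {
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section == null)
            throw new ConfigurationErrorsException("connectionStrings section not found.");
        if (section.SectionInformation.IsProtected)
            return;

        // Windows DPAPI provider: the encrypted section can only be
        // decrypted on the machine where it was encrypted.
        section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        ConfigurationManager.RefreshSection("connectionStrings");
    }

    static void Main()
    {
        EnsureProtected();

        // Reading the setting decrypts it transparently; no extra code needed.
        ConnectionStringSettings settings =
            ConfigurationManager.ConnectionStrings[ConnectionName];
        if (settings == null)
            throw new ConfigurationErrorsException("Missing connection string: " + ConnectionName);

        using (SqlConnection con = new SqlConnection(settings.ConnectionString))
        {
            con.Open();
            Console.WriteLine("Connected to {0}", con.Database);
        }
    }
}
```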

Solution 3:

No, you can only make it difficult.

It is better to let the application use a special database login which only has access to the tables/procedures necessary.