In App.config, encrypt the password.

ado.net c# entity-framework

Question

I want to encrypt the password in connection string. When I make a connection to DB the connection string is openly stored in App.config and I need to find a way to keep only password encrypted.

1
26
4/2/2011 11:31:06 AM

Accepted Answer

Lets say this is your connection string:

<connectionStrings>
    <add name="cs" connectionString="Data Source=myServerAddress;Initial Catalog=myDataBase;User Id=myUsername;Password=XXSDFASFDKSFJDKLJFDWERIODFSDFHSDJHKJNFJKSD;"/>
</connectionStrings>

Then you can do something like this:

string myCs = System.Configuration.ConfigurationManager.ConnectionStrings["cs"].ConnectionString;

System.Data.SqlClient.SqlConnectionStringBuilder csb = new System.Data.SqlClient.SqlConnectionStringBuilder(myCs);
csb.Password = EncDecHelper.Decrypt(csb.Password);
myCs = csb.ToString();

You can write EncDecHelper.Decrypt by using samples from here: Encrypt and decrypt a string

22
5/23/2017 11:54:38 AM

Popular Answer

Use the connectionStrings configuration section and encrypt the whole section - instead of just the password.

This is safer as your app config will no longer have the server names and user names in plain text either.

There are how-to documents for encrypting configuration sections on MSDN for RSA or DPAPI.



Related Questions





Related

Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow
Licensed under: CC-BY-SA with attribution
Not affiliated with Stack Overflow