none
Encrypting Lightswtch Connectiong string and using Encrypted connection string for Desktop Application

    Question

  • I have a Desktop application which i wants to deploy and i wants to use encrypted connection string.

    One way i am thinking of doing is by overriding 


    Samridhi Kumar Shukla

    Saturday, February 23, 2013 3:53 PM

Answers

  • I am assuming that your app is 2T desktop (and not 3T/IIS hosted desktop?)

    If so, the problem is this:  A saavy user will be able to recover the connection string, no matter what you do.  2T apps fundamentally have this problem. 

    In a 3T app, the server or middle tier is the security boundary. 

    In a 2T app, the database is the security boundary.  That means the connection string you use in your 2T apps must be a database user that has limited rights.

    Monday, February 25, 2013 4:46 PM

All replies

  • I wants to use encrypted connection string with sql server database in desktop application. Is there any workaround for Lightswitch.

    Regards,

    Sam


    Samridhi Kumar Shukla

    Sunday, February 24, 2013 3:22 AM
  • Remember that the desktop to the business layer doesn't have a database connection string, the connection string is only from the business layer to the Database.

    On that you could encrypt the connection using the sql server Native client, then you wouldn't have to change the code.

    Sunday, February 24, 2013 9:48 AM
  • Do you know if Sql Server Native client can work with Lightswitch


    Samridhi Kumar Shukla

    Monday, February 25, 2013 1:10 PM
  • I am assuming that your app is 2T desktop (and not 3T/IIS hosted desktop?)

    If so, the problem is this:  A saavy user will be able to recover the connection string, no matter what you do.  2T apps fundamentally have this problem. 

    In a 3T app, the server or middle tier is the security boundary. 

    In a 2T app, the database is the security boundary.  That means the connection string you use in your 2T apps must be a database user that has limited rights.

    Monday, February 25, 2013 4:46 PM