none
having connectionstring in app.config at design time but not at run time RRS feed

  • Question

  • I have a .net 2.0 WinForm app which connects to an online MySQL database. The connection string is stored in the app.config file. However, I don't like this as any of our clients can go to their C:\Program Files\ProductName folder, open the app.config file in Notepad and view our log in details.

    So what I have done is to delete the connection string from the app.config file, and create it at runtime. This works fine. But my problem now is that whenever I use any of the data wizards or the dataset designer, it cannot find the connection string. So that's a bit of a problem when designing my application.

    Anyone have any ideas on how I can still have my connection string at design time for use with Visual Studio's data wizards and dataset designers, yet have it not be there when I deploy my application? The only thing I can think of is to manually delete the connection string from app.config before every deployment...

    Thanks in advance


    Fabricio Rodriguez Pretoria, South Africa

    Friday, August 31, 2012 10:46 AM

Answers

  • It is possible to encrypt parts of the app.config file, so your connection string would not be available to normal user.

    See:

    http://social.msdn.microsoft.com/Forums/en-US/netfxbcl/thread/08153cf1-41b6-4472-875b-803f0845a4e1/

    http://msdn.microsoft.com/en-us/library/89211k9b%28v=vs.80%29.aspx

    http://www.codeproject.com/Articles/20398/Encrypt-and-Decrypt-ConnectionString-in-app-config

    • Proposed as answer by MasaSam Friday, August 31, 2012 12:43 PM
    • Marked as answer by Mike FengModerator Friday, September 7, 2012 6:29 AM
    Friday, August 31, 2012 11:48 AM
  • Hi Fabs,

    Welcome to the MSDN Forum.

    I think you need to make a little change: http://msdn.microsoft.com/en-us/library/ms254494.aspx 

    And how about boothwine's suggestion?

    Best regards,


    Mike Feng
    MSDN Community Support | Feedback to us
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, September 3, 2012 9:31 AM
    Moderator

All replies

  • It is possible to encrypt parts of the app.config file, so your connection string would not be available to normal user.

    See:

    http://social.msdn.microsoft.com/Forums/en-US/netfxbcl/thread/08153cf1-41b6-4472-875b-803f0845a4e1/

    http://msdn.microsoft.com/en-us/library/89211k9b%28v=vs.80%29.aspx

    http://www.codeproject.com/Articles/20398/Encrypt-and-Decrypt-ConnectionString-in-app-config

    • Proposed as answer by MasaSam Friday, August 31, 2012 12:43 PM
    • Marked as answer by Mike FengModerator Friday, September 7, 2012 6:29 AM
    Friday, August 31, 2012 11:48 AM
  • You should encrypt it as boothwine has adviced.

    Friday, August 31, 2012 12:43 PM
  • Thanks for your reply... I will check out those links now. Just one quick question - if I encrypt the string, will the Visual Studio dataset designer, for example, be able to read it (at design time)? Or will it only be able to be read at runtime, once decoded...

    Thanks for your support


    Fabricio Rodriguez Pretoria, South Africa

    Friday, August 31, 2012 1:27 PM
  • Hi Fabs,

    Welcome to the MSDN Forum.

    I think you need to make a little change: http://msdn.microsoft.com/en-us/library/ms254494.aspx 

    And how about boothwine's suggestion?

    Best regards,


    Mike Feng
    MSDN Community Support | Feedback to us
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Monday, September 3, 2012 9:31 AM
    Moderator