none
Storing ConnectionString RRS feed

  • Question

  •  

    Hi all ,

    What is the most secure way for storing connectionstring in your opinion?

    And Storing passwords and other sensitive data in database?

     

    Thanks in advance

    Wednesday, September 19, 2007 9:45 PM

All replies


  • There are five ways r thre to store the connectionstring. One is in coding second one in web.config 3rd Registry
    4th com+catalog 5th in udl file. Which ine is the best means every option consists the adv and drawbacks. for this one i may not give exact ans.
    One thing we can do it we can encrypt the connectionstring so that it will be secured one. U can apply the same conecept in case of storeing passswords also. Once the passwords are encrypted it is not that much easy to know the actual password(as per my knowledge)

    Note : If any one finds any mistakes in my stmts plz reply to me so that i can correct

    Thank u

    Baba


    Please remember to click "Mark as Answer" on this post if it helped you.
    Thursday, September 20, 2007 4:41 AM
  • The most secure method is to use Windows Integrated Security. No user ID or password is specified in the connection string and authentication occurs transparently via system credentials.

     

    If you can't use Windows Integrated Security then a user ID and password can be encrypted if stored in a database or, more commonly, in a configuration file. The following should help:

     

    http://www.ondotnet.com/pub/a/dotnet/2005/02/15/encryptingconnstring.html

    http://davidhayden.com/blog/dave/archive/2005/11/17/2572.aspx

    http://msdn2.microsoft.com/en-us/library/ms998300.aspx

     

     

    Thursday, September 20, 2007 12:36 PM