locked
SqlDatasource ConnectionString hide Database Password RRS feed

  • Question

  • Hi,

    I am using Sqldatasource in c#.

    I want to hide password in connectionstring when i start debug mode.

    Because my password showing debugging mode. I have tried "Persist security info","integrated access but it doesn't work true.

    How can i hide password.

    please help me.

    Monday, May 27, 2013 12:52 PM

Answers

All replies

  • You can encrypt the connection string using the aspnet_regiis tool as described on MSDN here: http://msdn.microsoft.com/en-us/library/dtkwfdky(v=vs.80).aspx

    Also, here is an article describing how to encrypt the connection string programatically: http://www.beansoftware.com/ASP.NET-Tutorials/Encrypting-Connection-String.aspx

    Monday, May 27, 2013 3:22 PM
  • Hi,Thank you for reply my question.

    I am trying to develop for database secure  connection .

    My architecture is below.

    My dll has two method, one of them return connection object(Idbconneciton) and the other is sqldatasource object.

    My problem starts here. :(

     Some application using  sqldatasource control because of that I can't return connection object ( Idbconneciton). if I return sqldatasource object, it shows password    when I start debuging or messagebox ( sqldatasource.connectionstring), i don't want to do that.

    please help me.

    Database secure Connecton Desing


    • Edited by erolc Tuesday, May 28, 2013 8:37 AM
    Tuesday, May 28, 2013 6:43 AM
  • Is it an option to use Windows integrated authentication for database access in your solution? Then you don't need to have the password in the connection string:

    Server=DBINSTANCE;Database=yourDatabase;Trusted_Connection=True;

    If you are required to use SQL Server authentication, decrypt the connection string in your service DLL and then encrypt it on the client side.

    Tuesday, May 28, 2013 8:34 AM
  •  A lot of application are using my dll to connect to different database ( Sql server , oracle ,etc..) .

    Already i am doing  encrypt and decrypt in my dll ,but if developer is wonder connection string  .

    it can be see their applications.

    any application never see password if i return the connection object .

    Sqldatasource is not allowed secure connection and can be crack.

    :(

    Tuesday, May 28, 2013 9:02 AM
  • Hi erolc,

    Here is also a thread talking about how to hide password from connection string.

    http://stackoverflow.com/questions/7581801/how-can-i-hide-my-password-in-my-c-sharp-connection-string

    However if you returns the connection object to clients, I'm afraid it is difficult to hide the information from properties.

    Best regards,


    Chester Hong
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    • Marked as answer by Chester Hong Wednesday, June 5, 2013 9:57 PM
    Wednesday, May 29, 2013 10:22 AM