none
SqlDatasource ConnectionString hide Database Password RRS feed

  • Question

  • Hi,

    I am using Sqldatasource in c#.

    I want to hide password in connectionstring when i start debug mode.

    Because my password showing debugging mode. I have tried "Persist security info","integrated access but it doesn't work true.

    How can i hide password.

    please help me.

    Monday, May 27, 2013 12:52 PM

Answers

All replies

  • You can encrypt the connection string using the aspnet_regiis tool as described on MSDN here: http://msdn.microsoft.com/en-us/library/dtkwfdky(v=vs.80).aspx

    Also, here is an article describing how to encrypt the connection string programatically: http://www.beansoftware.com/ASP.NET-Tutorials/Encrypting-Connection-String.aspx

    Monday, May 27, 2013 3:22 PM
  • Hi,Thank you for reply my question.

    I am trying to develop for database secure  connection .

    My architecture is below.

    My dll has two method, one of them return connection object(Idbconneciton) and the other is sqldatasource object.

    My problem starts here. :(

     Some application using  sqldatasource control because of that I can't return connection object ( Idbconneciton). if I return sqldatasource object, it shows password    when I start debuging or messagebox ( sqldatasource.connectionstring), i don't want to do that.

    please help me.

    Database secure Connecton Desing


    • Edited by erolc Tuesday, May 28, 2013 8:37 AM
    Tuesday, May 28, 2013 6:43 AM
  • Is it an option to use Windows integrated authentication for database access in your solution? Then you don't need to have the password in the connection string:

    Server=DBINSTANCE;Database=yourDatabase;Trusted_Connection=True;

    If you are required to use SQL Server authentication, decrypt the connection string in your service DLL and then encrypt it on the client side.

    Tuesday, May 28, 2013 8:34 AM
  •  A lot of application are using my dll to connect to different database ( Sql server , oracle ,etc..) .

    Already i am doing  encrypt and decrypt in my dll ,but if developer is wonder connection string  .

    it can be see their applications.

    any application never see password if i return the connection object .

    Sqldatasource is not allowed secure connection and can be crack.

    :(

    Tuesday, May 28, 2013 9:02 AM
  • Hi erolc,

    Here is also a thread talking about how to hide password from connection string.

    http://stackoverflow.com/questions/7581801/how-can-i-hide-my-password-in-my-c-sharp-connection-string

    However if you returns the connection object to clients, I'm afraid it is difficult to hide the information from properties.

    Best regards,


    Chester Hong
    MSDN Community Support | Feedback to us
    Develop and promote your apps in Windows Store
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Wednesday, May 29, 2013 10:22 AM
    Moderator