Encrypt the connection string to Entity Framework

  • Question

  • I would like to encrypt the connection string to Entity Framework 6.1.
    I would like to put a new constructor in a partial class and do the decryption myself. I already have the encrypt/decrypt code.
    How do I call the DBContext base class?

    (I have a Windows Forms application and I use C# 4.5)


    Certified Geek


    • Edited by Arne MN Wednesday, July 9, 2014 5:36 PM
    Wednesday, July 9, 2014 5:35 PM

Answers

  •  Solved it:

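    using System.Configuration;
    using System.Data.Entity;

    public partial class CURAEntities : DbContext
    {
        // The "dummy" argument is unused.
        public CURAEntities(string dummy)
            : base("name=CURAEntities")
        {
            // Encrypted connection string stored under the "CURA" key in <appSettings>.
            string con = ConfigurationManager.AppSettings["CURA"].ToString();
            // DES_Codec is the poster's own encrypt/decrypt class (not shown).
            DES_Codec myCodec = new DES_Codec();
            // Replace the context's connection string with the decrypted value.
            Database.Connection.ConnectionString = myCodec.DecodeString(con);
        }
    }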


    Certified Geek

    • Marked as answer by Arne MN Thursday, July 10, 2014 1:31 PM
    Thursday, July 10, 2014 1:30 PM

All replies

  • Most would just encrypt the password in the connection string and not go through all of that. They would also address the login to SQL Server Management Studio to the database and use special key combinations for the psw, which would force the encryption of the password to be used in the connection string.
    Wednesday, July 9, 2014 9:18 PM
  • How would SQL server decrypt the password?

    I was planning to store my connection string in app.config. If someone finds my app.config they can hack into my database!

    Maybe I have misunderstood you?


    Certified Geek

    Wednesday, July 9, 2014 9:29 PM
  • To keep it simple, I would just go with the below.

    http://www.codeproject.com/Articles/20398/Encrypt-and-Decrypt-ConnectionString-in-app-config

    Or

    Something like this.

    http://www.dotnetprofessional.com/blog/post/2008/03/03/Encrypt-sections-of-WebConfig-or-AppConfig.aspx

    Behind a closed network, the DBA would make up an encrypted psw by using Shift/Ctrl/some-key in combinations to make up an encrypted psw to log in to SQL Server. :) I have seen it done.

    Wednesday, July 9, 2014 11:49 PM
  • 1. Yes, I know how to encrypt a connection string. All I need to know is if an encrypted connection string can be picked up by the Entity Framework.

    2. I have tried the Enterprise library for encryption and it was too easy to break into. The enterprise library provides a hacking utility.

    3. Your 3rd idea was an obfuscated password that would be hard to type from the keyboard. All a hacker would do is to copy to the clipboard and paste into a login screen.


    Certified Geek

    Thursday, July 10, 2014 11:54 AM
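Added example, not written by any poster in this thread: the built-in protected-configuration approach (encrypting a section of app.config, as in the links above) applied to the question of whether Entity Framework can pick up an encrypted connection string. It assumes the application's app.config has a `CURAEntities` entry under `<connectionStrings>` and that the project references System.Configuration; the class name `ConnectionStringProtector` is hypothetical.

```csharp
using System;
using System.Configuration;

static class ConnectionStringProtector
{
    // Encrypts <connectionStrings> in the running exe's .config file in place.
    // Returns true if the section is protected when the method returns.
    public static bool Protect()
    {
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section == null || section.SectionInformation.IsLocked)
            return false;

        if (!section.SectionInformation.IsProtected)
        {
            // Built-in DPAPI provider: no key material is stored in the application.
            section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
            section.SectionInformation.ForceSave = true;
            config.Save(ConfigurationSaveMode.Modified);
            ConfigurationManager.RefreshSection("connectionStrings");
        }
        return true;
    }
}

static class Program
{
    static void Main()
    {
        bool isProtected = ConnectionStringProtector.Protect();

        // Read the entry back the same way DbContext("name=CURAEntities") resolves it:
        // through ConfigurationManager, which decrypts a protected section transparently.
        // (Assumption: app.config contains a connection string named CURAEntities.)
        ConnectionStringSettings cs = ConfigurationManager.ConnectionStrings["CURAEntities"];

        // Report status only; never log the decrypted connection string itself.
        Console.WriteLine("protected on disk: {0}", isProtected);
        Console.WriteLine("entry resolved:    {0}", cs != null);
    }
}
```

The DPAPI provider uses a machine-scoped key by default, so the section has to be encrypted on each machine where the application runs (for example at install or first start) and a copied app.config cannot be decrypted elsewhere. Code running on the same machine can still decrypt it, so this protects the file at rest, not the secret from a local attacker.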
  • 3. Your 3rd idea was an obfuscated password that would be hard to type from the keyboard. All a hacker would do is to copy to the clipboard and paste into a login screen.

    Well, tell that to the DoD and the US Air Force, because that's what I have seen done. :)

    Thursday, July 10, 2014 4:54 PM
  • We all have to continually upgrade our security on a regular basis.

    Certified Geek

    Thursday, July 10, 2014 4:56 PM
  • Solved it:

    Good, but on the other hand, an attack on a database is most likely going to come through a SQL Injection attack right through the program accessing the DB.

    Fortunately, you are using LINQ and EF, which kind of mitigates that attack vector.

    http://www.devx.com/dotnet/Article/34653

    Thursday, July 10, 2014 5:06 PM