Connection String protection

  • Thread starter Thread starter Harry Simpson
  • Start date Start date
H

Harry Simpson

I've usually created a module and placed the connection string along with
password etc within the module. Keeping the Server IP part in the
app.config for changes.

Is this what most everyone does to protect from the text readable config
files?
 
Putting it in a module isn't any protection - Reflector can find it really
easily. If you want it to be less meaningful, so that a casual reader, even
with Reflector, can't just copy and paste it, then hash it. In that case
you could store it in the config file to make it easier to change without
having to create a new binary. If you're concerned about security you could
encrypt it (though the private key would be in managed code and not so
secure anyway).

I suppose you could always keep it in it's own assembly and strong-name
that, then check the strong name key at run time.


--

Chris Tacke, Embedded MVP
OpenNETCF Consulting
Giving back to the embedded community
http://community.OpenNETCF.com
 
What about just the local device database connection string with the
password etc?
I suppose the hash would be the best. want to secure data on the device for
the most part.

Thanks
Harry
 
Back
Top