most secure way to store sql connection information

[Dayne]

Guys,

I am writing a database application(vb.net , sql server) and is presently
storing the connection settings in a xml file...not very secure though. What
is a safer method in a dynamic environment?

Dayne

 

[Cor Ligthert]

Dayne,

Why is it not secure,

It is better than the registry because you can set it for a lot of clients
in one time.
And when you want to keep it secret you can encode it.

Just my thought

Cor

 

[Greg Burns]

Cor,

Do you have any sample of encoding/encrypting a connection setting in an XML
file?

I have played with CMAB
(http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/cmab.asp)
for encrypting xml files. But (from what I saw at least), only the machine
that did the encryption could decrypt the file. (This would work OK for a
web app, where the IIS server would do it. But no so useful for Windows
apps installed on multiple machines.)

Am I just missing something?

Greg

 

[Cor Ligthert]

Greg,

CJ is in my opinion the encrypting expert from this newsgroup.

(However when you search for Rijndael on MSDN you find a lot of samples,
which you could not find before).

Cor

 

[Guest]

I have tried something like this last year using registry and a wrapper class.
Please see my article here :
http://www.codeproject.com/dotnet/EnterpriseConectionString.asp
Hope this helps.

 

[Cor Ligthert]

Greg,

I saw this searching for something, I do not like to give snipets myself
about encrypting and security.

http://groups.google.com/[email protected]

I think this fits your question?

Cor

 

[Greg Burns]

Cor,

Just tried it out. It does indeed work. I entrypted a value on one
machine, and a second was able to decrypt it.

Have no idea how secure it is, but it serves my needs.

Thanks!
Greg