Password

[Ahmet AKGUN]

Hi; In my application, I must hold database password in a configuration
file at client.

Two questions,

* Is there way to keep password easily using an ini file structure ?
( I cant use registry , because program will place on one path on network
and all clients will run them from this network path)

* I know .net code can be seen using ildasm, is there any ready tool to
encrypt my database password at client in ini file ?
If I write a small cyrpto program using .net, I think it will easily be
resolved using ildasm tool.

regards..

 

[Morten Wennevik]

Yep, you can quite easily store usernames and passwords in an .ini file and
encrypt one or both. I recommend you create an xml file for this use since
you then can use it as a database with .net's built-in xml functions.

It's been a while since I've written something like this, but you need a
xml file and a following xml schema. At run time you can load this file
like you would when connecting to any database server, and check if a
specific username and password matches.

You can encrypt the password with
Password = FormsAuthentication.HashPasswordForStoringInConfigFile(Password,
"SHA1");

Then you simply compare the encrypted password with the stored encrypted
password.

 

[Ahmet]

my password is database login password and I need both encrypted and clear
form of it.
I mean hashing password will not work.

 

[Morten Wennevik]

Take a look at at the classes in System.Security.Cryptography