User and password for sql connect string


RA

Where is the best place to have my user id and password kept for accessing
the sql server database? I have it right now with the connection string,
are there other places I can store it and then retrieve it as I am about to
connect to the database? I have a shared web host.

Ron
 
I'd encrypt the whole connection string if possible, and definitely the
username and password. If the user gives you the username and password that
you are using for your connection, you might be headed for trouble. Store
them encrypted in your .config file, and then decrypt them as you need them.

Don't hard code them in the code whatever you do unless you seriously
obfuscate everything.
 
1) How to encrypt? using what?
2) how do I access the web.config file from my code?
3) What's wrong with having the db user id and password in the mypage.aspx?
?How can someone see this from the client side?

Ron
 
1) How to encrypt? using what?
using System.Security.Cryptography;


2) how do I access the web.config file from my code?

<%= System.Configuration.ConfigurationSettings.AppSettings["YourFieldNameHere"] %>

3) What's wrong with having the db user id and password in the mypage.aspx?
Try ILDASM.exe or another disassembler. Your code isn't private unless you
obfuscate it.

4) > ?How can someone see this from the client side?
If they can see your .dll, they can see what's in it. Under normal
circumstances, they shouldn't be able to access it, but there are a lot of
security breaches, and if one were to occur, you probably don't want to give
them vital information that could enable them to do more damage.
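
Added example, not part of the thread or any poster's code: one way to do the "store encrypted in .config, decrypt as needed" step with System.Security.Cryptography, here using AES-GCM on .NET 8 (an assumption; the thread names no algorithm or framework version). The `ConnStringProtector` class, the `DB_CONN_KEY` environment variable and the sample connection string are constructed for illustration, and the key is assumed to live outside the config file, since a key stored beside the ciphertext only obfuscates it.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class ConnStringProtector
{
    const int NonceLen = 12, TagLen = 16;

    // Returns base64(nonce || tag || ciphertext) for storing as an appSettings value.
    public static string Protect(string connString, byte[] key)
    {
        byte[] plain = Encoding.UTF8.GetBytes(connString);
        byte[] nonce = RandomNumberGenerator.GetBytes(NonceLen); // fresh nonce per encryption
        byte[] tag = new byte[TagLen];
        byte[] cipher = new byte[plain.Length];
        using (var aes = new AesGcm(key, TagLen))
            aes.Encrypt(nonce, plain, cipher, tag);
        byte[] blob = new byte[NonceLen + TagLen + cipher.Length];
        nonce.CopyTo(blob, 0);
        tag.CopyTo(blob, NonceLen);
        cipher.CopyTo(blob, NonceLen + TagLen);
        return Convert.ToBase64String(blob);
    }

    // Throws CryptographicException if the stored value was altered or the key is wrong.
    public static string Unprotect(string stored, byte[] key)
    {
        byte[] blob = Convert.FromBase64String(stored);
        if (blob.Length < NonceLen + TagLen)
            throw new CryptographicException("Stored value is too short.");
        Span<byte> s = blob;
        byte[] plain = new byte[blob.Length - NonceLen - TagLen];
        using (var aes = new AesGcm(key, TagLen))
            aes.Decrypt(s.Slice(0, NonceLen), s.Slice(NonceLen + TagLen), s.Slice(NonceLen, TagLen), plain);
        return Encoding.UTF8.GetString(plain);
    }

    static void Main()
    {
        // Assumption: a 32-byte key, base64-encoded, in the hypothetical DB_CONN_KEY variable.
        // A random key is used when it is unset so the demo still runs.
        var k = Environment.GetEnvironmentVariable("DB_CONN_KEY");
        byte[] key = k != null ? Convert.FromBase64String(k) : RandomNumberGenerator.GetBytes(32);
        string sample = "Server=db.example.invalid;User Id=app_user;Password=constructed"; // constructed
        string stored = Protect(sample, key);
        Console.WriteLine("appSettings value: " + stored);
        Console.WriteLine("round trip ok: " + (Unprotect(stored, key) == sample));
    }
}
```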
 
Thank you very much for all your help.

Ron

William Ryan said:
1) How to encrypt? using what?
using System.Security.Cryptography;


2) how do I access the web.config file from my code?

<%= System.Configuration.ConfigurationSettings.AppSettings["YourFieldNameHere"] %>

3) What's wrong with having the db user id and password in the
mypage.aspx?
Try ILDASM.exe or another disassembler. Your code isn't private unless you
obfuscate it.

4) > ?How can someone see this from the client side?
If they can see your .dll, they can see what's in it. Under normal
circumstances, they shouldn't be able to access it, but there are a lot of
security breaches, and if one were to occur, you probably don't want to give
them vital information that could enable them to do more damage.


 