Connection String Security C#

人走茶凉 提交于 2021-02-11 06:23:22

问题


i create a c# program that use mysql to verify user login.I googled about connection string security and every thing was about web.config file. Is that necessary to hide connection string in pure c# program?if yes, please give me reference to do that.

I encrypt my code, is that enough to protect connection string in my program?

private static MySqlConnection myConnection = new MySqlConnection("sample connection string");

tiny edit after solve the problem: I find goof article and project to encrypt App.config designed for connection string that you can check it here


回答1:


You can refer Securing Connection Strings.

you should encrypt the configuration file so that the user name and password are not exposed in clear text.

So putting the connection string in the config file and encryting it is one way to make your connection string secure.

Encrypt Configuration Files

You can also store connection strings in configuration files, which eliminates the need to embed them in your application's code. Configuration files are standard XML files for which the .NET Framework has defined a common set of elements. Connection strings in configuration files are typically stored inside the element in the app.config for a Windows application, or the web.config file for an ASP.NET application.

MSDN Reference:

  • Protecting Connection Information
  • How To: Secure Connection Strings when Using Data Source Controls


来源:https://stackoverflow.com/questions/33259587/connection-string-security-c-sharp

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!