1

Is it possible to hide the user id and password from source when the developer can trace the source?
Sorry for my bad English.

Jim Simson
  • 2,774
  • 3
  • 22
  • 30
Meysam Savameri
  • 347
  • 2
  • 4
  • 8
  • you mean when they look at your file where you entered the connection string? – DerApe Sep 27 '12 at 08:09
  • similar questions: http://stackoverflow.com/questions/40853/how-to-store-passwords-in-winforms-application http://stackoverflow.com/questions/3425908/hide-password-on-desktop-application-code – Sga Sep 27 '12 at 08:14

5 Answers5

2

I'm guessing you are putting the connection string in the source code. If you are the first thing you should do is move it to the app.config / web.config file.

http://msdn.microsoft.com/en-us/library/ms254494(VS.80).aspx

If you are already using the app.config or web.config file can you give more details.

Robert
  • 3,328
  • 2
  • 24
  • 25
2

If using MS SQL you can use integrated auth and simply not have user name and password in the connection string:

Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;

(sample copied from http://www.connectionstrings.com/sql-server-2008)

Alexei Levenkov
  • 98,904
  • 14
  • 127
  • 179
2

you should keep the connectionstrings in web.config file and then encrypt the web.config file so that the passwords are safe. you can find help on how to encrypt web.config file here http://msdn.microsoft.com/en-us/library/dtkwfdky(v=vs.100).aspx

th1rdey3
  • 4,176
  • 7
  • 30
  • 66
1

A way to not store the password in the source is to make it a part of the server environment (read from a file, store it into an environment variable, etc.)

MaxVT
  • 12,989
  • 6
  • 36
  • 50
1

Encrypt the connection string, more details can be found here: Encrypting Configuration Information Using Protected Configuration and Securing Connection Strings

chridam
  • 100,957
  • 23
  • 236
  • 235