2

I have an application, where I should connect to a SQL Server. It is protected by password. So when I'm starting program for the first time, I'm creating dynamically connectionString and save it in app.config. For the next times I can use created connectionString. I've googled and decided to do following: encrypt connectionString in app.config and save password in my code. When I would like to connect to database next time, I will decrypt connectionString, add userId and password and connect with new connectionString to server. Before closing program, I will delete userId and password from connectionString and encrypt it again. But I have some questions:

1) Is it a good solution?

2) When I am starting program for the first time, I need to create connection string, so somewhere in code should be userId and password. How to deal with this problem?

Sasha
  • 833
  • 1
  • 20
  • 40
  • Isn't it better to create a setting? – r.mirzojonov Aug 27 '13 at 14:23
  • @Ravshanjon can you explain to me please, because I'm new to security issues – Sasha Aug 27 '13 at 14:25
  • Do you know something about Settings.settings? If you don't know please see this http://stackoverflow.com/questions/17379526/c-sharp-how-to-add-string-to-resources – r.mirzojonov Aug 27 '13 at 14:26
  • There are a few similar questions, try this one http://stackoverflow.com/questions/5803188/encrypting-connectionstrings-section-utility-for-app-config – Kev Aug 27 '13 at 14:27

4 Answers4

2

As I understand you create connection string dynamically. So you can encrypt this section from code as well. The encryption algorithm by default will use your machine key to encrypt the section, here is the link how to do it http://www.dotnetcurry.com/ShowArticle.aspx?ID=185

Masoud
  • 8,020
  • 12
  • 62
  • 123
Alexandr Mihalciuc
  • 2,537
  • 15
  • 12
  • I used this method. But def pay attention to "machine key" part. What a work around is to write a "back door" encrypter (button?)....place the unencrypted info in the config file...and then run the "back door" encrypting code....... – granadaCoder Aug 27 '13 at 14:41
1

Before closing program, I will delete userId and password from connectionString and encrypt it again

That's not a good solution. Your data should always be encrypted or at least be lost on program termination. If your user kills your program using the task manager (or it simply crashes), and you rely on the fact that your program will encrypt data on exit, your data is left unencrypted.

You could encrypt the whole connection string at the point you get the username and password. Then, any time you want to connect, decrypt it, pass it to the required functions and get rid of it. Never persist it in an unencrypted way.

nvoigt
  • 75,013
  • 26
  • 93
  • 142
  • If they are hardcoded, why not put the whole connection string into the config from the start? Encrypted of course. – nvoigt Aug 27 '13 at 14:39
  • I don't know where sql server will be located, so when I'm running program for the first time, customer selects server, and using this server name, I am creating connectionString – Sasha Aug 27 '13 at 14:59
  • The user selects the server, but you already know the username and password? That sounds strange. But anyway, there is a point of time where you have the connection string. Encrypt it and save it. Only decrypt it in memory when you need it. – nvoigt Aug 27 '13 at 15:30
1

Create DBUsername, DBPassword and other DB entries as keys in the app.config. For the DBPassword, encrypt it (symmetric probably) using a master key that is hard coded in code. This is generally enough. There are other ways such as the use of a key store to store the key.

If you don't want to construct the conn string each time, create the app config entry holding the entire connection string and encrypt the whole thing with the master key (I see no value here).

Vivek
  • 428
  • 2
  • 13
  • Can you provide an example? – Sasha Aug 27 '13 at 14:39
  • 1. Write a test program to generate a master key: http://msdn.microsoft.com/en-us/library/system.security.cryptography.rijndaelmanaged(v=VS.100).aspx#Y2262 2. Use this key in the test program to encrypt the DBPassword. 3. Write this encrypted DBPassword to the app.config 4. Copy the key that you generated in step 1 and hard-code in your application source code. 5. When the application runs and you need to generate the conn string, decrypt the encrypted DBPassword found in app.config (step 3) using the hard-coded key (step 4). – Vivek Aug 27 '13 at 14:52
  • Can't a hard coded password be reverse engineered fairly easily? – Steve Byrne Sep 22 '17 at 23:38
  • 1
    Holy necro, Batman! "Fairly easily" depends on who's trying to compromise the system. In any case, there are other possibilities. You could create a wrapped ODBC/JDBC driver that requests the password from a secure vault. You can construct the connection string in code and obtain the parts from that same secure vault. Depends on how far you want to go :-). Smart money would probably say harden your server host and audit whoever accesses the filesystem, so you don't destroy your application's scalability. – Vivek Nov 30 '17 at 11:20
0

If you're using windows and the credentials are the same as your windows authentication, you can omit the username and password from the connection string and replace it with Trusted_Connection=true

Jas
  • 21
  • 3