0

I am working on a win form application .net framework 4.0.

I have got connection string in app.config. I need to encrypt it. If I use "DataProtectionConfigurationProvider" then this will be machine specific. Encryption done on one machine cannot be used on other machine. So if I have 100 machine then encryption will be done 100 times on every machine.

I have to deploy this application on 100 machines.

Is there is way if I encrypt it and then use it on all other machines.

Any help will be appreciated.

user3272246
  • 1
  • 1
  • You would use user name and password to do so. Otherwise it will not be entirely safe. When user logs on for the first time, write encrypted conn string. There are many scenarios you can use. Your IT can push encrypted data with user credentials, for example. And user will have to change password on the first run and re-encrypt the conn string – T.S. Feb 04 '14 at 19:28
  • How to encrypt database connection string from source code using c#. Can you suggest one. It's a database connection so users will not change the passwords. I just have to encrypt on one machine so that it works on all the machine if copied over. – user3272246 Feb 04 '14 at 19:58
  • If it will be encrypted without using a secret key, like password, and your key will be saved in the code, then it is not safe. Your code can be reflected and key extracted easy. Best scenario is to encrypt it using some password and then give it to user, when user runs for the first time, change the password and re-encrypt. User doesn't even need to know contents of the file and all connections will go as one user. But the encryption will be done by each user. – T.S. Feb 04 '14 at 20:11
  • As you have mentioned encryption done by each user. That is what I am trying to avoid. Users are not capable to do an encryption. So what I am looking at Step1 - database connection string gets encrypted using some encryption algorithm on the first login by the user(On one machine). Step2- Take that encrypted source code with app.config and copy to all other machines without any encryption done at users. – user3272246 Feb 04 '14 at 20:27
  • Then you looking at your application not passing the Audit on security issues – T.S. Feb 04 '14 at 20:29
  • Could you please give me more information on this. If one of the user(Super user) has encrypted the app.config on the first login and the same files are copied to all other users. They will have the same encrypted app.config. So where is the issue...I really appreciate your help.. in this regard.. – user3272246 Feb 04 '14 at 20:41
  • The issue is - have 100 users with one password. You don't see it as an issue? Besides, if user has a password, your code and the app.config file - your connection is not safe. You would be much safer if you had a web service to retrieve for in memory-only use connection string. – T.S. Feb 04 '14 at 21:01

1 Answers1

0

Create your own Encrypt/Decrypt functions. Store it encrypted and call decrypt from your application when creating the SQLConnection

There are plenty of examples to do so.

Crypto Examples

Community
  • 1
  • 1
Tsukasa
  • 6,342
  • 16
  • 64
  • 96