can a user view vb.net settings in application

Question

I am creating a VB.net application and including my database credentials in the settings of the project, so to access i use:

My.Settings.SettingName

Is there any way a user using the application can view these settings?

I am worried about someone being able to log into the database if they ever manage to see the settings?

Settings are just stored in an easily readable XML file. The location can be a tiny bit hard to find, but thats all. — Ňɏssa Pøngjǣrdenlarp, Jan 16 '15 at 17:58
@charlie Yes, assuming they manage to find the XML file that contains the settings, they would be able to read them. — Blackwood, Jan 16 '15 at 18:35
VB.NET is a language. This answer requires knowledge of the platform. IE, Web or Desktop application. — Steve, Jan 16 '15 at 20:05
Note: If you want to save the credentials and be able to modify them, you could always encrypt the strings. I can give you an encryption code if you want to. — Visual Vincent, Jan 17 '15 at 20:28

o.carltonne · Accepted Answer · 2015-01-16T20:01:45.503

-5

Application users can not see these settings. The only way to see the settings is to look at the code as a developer.

EDIT: In my humble experience, the best choice for hiding a connection string in your app, considering the environment I work in, is to hide it in the vb code. You can make a database utilities class, and put your methods and properties there - methods being connect, execute commands etc, and a private property which is your connection string that other methods in the class use.

Other people can see the connection string, like other developers, or people who are browsing around the same files you have access to, but upon deployment, it will be very difficult for someone to extract the connection string out of yourapp.exe.

edited Jan 16 '15 at 20:01

answered Jan 16 '15 at 17:51

o.carltonne

365
1
3
13

1

These settings are stored in an XML file on disk. Anyone with the will and a little knowledge can easily find them. – KevenDenen Jan 16 '15 at 18:37
1

Are you serious, "The only way to see the settings is to look at the code as a developer"? Anyone can see these, they are in clear text on disk... – Trevor Jan 16 '15 at 18:58
If I'm in a windows form app using it, clicking it, reading it - or if I'm on a web site using it, the settings are not exposed through the app unless the developer chooses to expose them (like web.config, app.config). If I want to go outside of the app and look through app files, of course I can find an xml file and read it. "a user using the application" is what I am speaking to. If I'm in the file system, I'm not using the app anymore. But yes, the xml they find while browsing files can be used to access the database. – o.carltonne Jan 16 '15 at 19:54

can a user view vb.net settings in application

1 Answers1