How to hide sql connection string in a Visual Studio project?

Question

I am going to send a C# project to a company for a test for application, but I realized I do not know something fundamental. I am using my website's sql server and when I send the project the person who will examine the code will see it.

Is there a way to hide it? In a dll or something?

Can't you create a new user in SQL server with minimal permissions possible? — kamil-mrzyglod, Jul 23 '15 at 06:47
it is a Console application. But now I think no matter how hide it, when the person is debugging he will see last version of connection string in break. Probably as @Kamo says, I need to create a new user for this. — zgrkpnr89, Jul 23 '15 at 06:49
@zgrkpnr89 - if you publish your application it will be not possible to fetch connection string since all settings will be embedded into it. — kamil-mrzyglod, Jul 23 '15 at 06:51
@zgrkpnr89 - in case of that it is not possible unfortunately :( Either create special user for this application or implement some connection string encryption. — kamil-mrzyglod, Jul 23 '15 at 06:53
How would this person be accessing your SQL server, is it not located on your private network, and behind a firewall? — 3dd, Jul 23 '15 at 06:55
To remark what 3dd said: **do you expose SQL Server to Internet???** — Adriano Repetti, Jul 23 '15 at 08:34

score 1 · Accepted Answer · edited May 23 '17 at 12:21

The solution is obviously to remove sensitive information from connection string somehow. I can think of two minimal effort ways:

Use MSSQL's Windows integrated authentication. You'll need to run your application pool under account that has permissions on the database, but that way connection string won't contain username or password in it, just Integrated security=true;
Remove connection string from all project files and add it only on pre build event. You can store it in a local file outside of project directory. If you store connection string in a web.config file, one way to transform it is through TransformXML.

If the OP wants to hide the credentials from whoever is doing debugging, only the first solution will work. — Panagiotis Kanavos, Jul 23 '15 at 07:07

How to hide sql connection string in a Visual Studio project?

1 Answers1