1

I created a windows library to do data reading from files and some custom filter, append, remove, update data towards my database on SQL Server. And my library requires app config which needs to put in connection string, because this library actually connects with more than 1 database.

If i were to deploy to my database server, i would need to do encryption to my connection string for security purpose. I have read a lot of discussion in stack overflow, but most of them are using RsaProtectedConfigurationProvider which requires my database server to have IIS server to do decryption. But the case is my database server don't add in the IIS on windows component as it will requires opening a new port which means open a new thread towards the server.

So my challenge right now is to do encryption of my app config without using any of ASP.net encryption tools. Is there any other way for me to do the encryption?

Stone
  • 111
  • 2
  • 14
  • You really only need encryption if you have passwords stored in there (though some would argue that the server name should also be hidden) Thats why I always make every effort to use windows authenication. If your database supports that (it would really help of you indicated which it is), you may wish to consider that option. – Nick.Mc Feb 11 '16 at 03:13
  • Well our server are using sql authentication so can't really use windows authentication... – Stone Feb 15 '16 at 02:46
  • Is there a particular reason it's using SQL Authentication or is that just what you've always done? In fact a SQL Server only has two athentication modes: SQL + Windows or just Windows. There is no SQL only mode. If this is to be deployed on the internet (not intranet) then yes it's understandable that you would be using SQL authentication rather than windows authentication. – Nick.Mc Feb 15 '16 at 03:47
  • If your windows library uses an "app config" then I guess it is a dot Net based? and that means you should probably start here: https://msdn.microsoft.com/en-us/library/0ss79b2x(v=vs.110).aspx – Nick.Mc Feb 15 '16 at 03:49
  • yeah we're web based application, which database server and application are separated, thats why using SQL authentication.. And yeah we're using .Net framework, i was looking how we can encrypt whole xml tag inside config for example the whole tag, as i can't find it yet, currently i'm using **Rijndael** to encypt the value of connectionstring something like this @Nick.McDermaid – Stone Feb 18 '16 at 07:08
  • So I still recommend using windows authentication rather than fiddling with encryption. But if you don't understand or don't want to use windows authentication then have a crack at that .Net library and post back any specific questions – Nick.Mc Feb 18 '16 at 07:35

0 Answers0