I'm writing a program in Visual Studio using C#. My question is: after I publish the app's .exe, can any hacker see my code, such as the SQL user name, password, etc.? Is it possible? How can I block this at the development stage?

-
Yes, your application can be decompiled. **You should never use hard-coded passwords inside your application back-end code (unless it's for your own use)**. – Jim Oct 27 '16 at 23:04
-
http://stackoverflow.com/questions/179741/how-do-i-decompile-a-net-exe-into-readable-c-sharp-source-code Seems so. – Radmation Oct 27 '16 at 23:04
-
Why do you have passwords in your solution anyways? If they are in the DB they should be salted and hashed. – Radmation Oct 27 '16 at 23:06
-
Possible duplicate of [How can I protect my .NET assemblies from decompilation?](http://stackoverflow.com/questions/2478230/how-can-i-protect-my-net-assemblies-from-decompilation) – hatchet - done with SOverflow Oct 27 '16 at 23:09
-
Thanks, I mean a database password like: `MySqlConnection baglanti = new MySqlConnection("Server=url.com;Database=mt2loncamebedi;Uid=user-me;Pwd=thepassss;");` – Ahmet Çelikezer Oct 27 '16 at 23:12
-
You shouldn't connect to the online database directly. You should connect to an API that in turn communicates with the database. That way you don't need to include the database username and password in the app. – JJJ Oct 27 '16 at 23:15
2 Answers
You can encrypt configuration information:
Part of securing an application involves ensuring that highly sensitive information is not stored in a readable or easily decodable format. Examples of sensitive information include user names, passwords, connection strings, and encryption keys. Storing sensitive information in a non-readable format improves the security of your application by making it difficult for an attacker to gain access to the sensitive information, even if an attacker gains access to the file, database, or other storage location.
But all you are doing is not making it not easily decodable.
You simply cannot hide a connection string.
You should connect to a service that authenticates the client, and the service connects to the database. The database should not even be publicly available. See WCF (Windows Communication Foundation).

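A pre-release check for the problem described above, as an added example that is not part of the original answers: C# string literals are stored in the compiled assembly as plain UTF-16LE text, so scanning your own build output finds a connection string like the one in the question without any decompiler. The function names and the sample bytes are constructed for illustration.

```python
import re

# Keys that carry a credential in ADO.NET / MySQL connection strings.
SECRET_KEY = re.compile(r"(?i)\b(pwd|password)\s*=\s*([^;\"']+)")
# Runs of 8+ printable ASCII characters, as single bytes and as UTF-16LE.
ASCII_RUN = re.compile(rb"[\x20-\x7e]{8,}")
UTF16_RUN = re.compile(rb"(?:[\x20-\x7e]\x00){8,}")


def extract_strings(data: bytes):
    """Yield (offset, encoding, text) for every printable run in a binary."""
    for m in ASCII_RUN.finditer(data):
        yield m.start(), "ascii", m.group().decode("ascii")
    for m in UTF16_RUN.finditer(data):
        yield m.start(), "utf-16le", m.group().decode("utf-16-le")


def find_embedded_credentials(data: bytes):
    """Return findings for strings that look like connection-string secrets."""
    findings = []
    for offset, encoding, text in extract_strings(data):
        for m in SECRET_KEY.finditer(text):
            findings.append({
                "offset": offset,
                "encoding": encoding,
                "key": m.group(1),
                "value_length": len(m.group(2)),  # report length, not the secret
                "context": SECRET_KEY.sub(r"\1=<redacted>", text),
            })
    return findings


# Constructed sample: the literal from the question, stored the way the
# compiler stores C# string literals (UTF-16LE), between unrelated bytes.
LITERAL = "Server=url.com;Database=mt2loncamebedi;Uid=user-me;Pwd=thepassss;"
SAMPLE_ASSEMBLY = (b"MZ\x90\x00" + b"\x00" * 16 + b"\x83"
                   + LITERAL.encode("utf-16-le") + b"\x00\x01\x02"
                   + b"System.Data.Common\x00")

if __name__ == "__main__":
    for finding in find_embedded_credentials(SAMPLE_ASSEMBLY):
        print(finding)
```

Run it against the published .exe and any .config files as a build step; a non-empty result means the credential ships to every user and belongs behind a service instead.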
Even encrypted files are not safe; hackers can try to access main computers to clone source files....

-
Then how do I protect my SQL connection string? I mean, what is the safest way to hide these strings, or does any other way exist to protect my database information in the app? – Ahmet Çelikezer Oct 27 '16 at 23:24