7

I created an application in C# + WPF + MySQL. What is the best (safest) way to store database connection strings?

Frank van Puffelen
  • 565,676
  • 79
  • 828
  • 807
Mediator
  • 14,951
  • 35
  • 113
  • 191
  • Does it need to be safe? If your service is running on your server why would you like to secure the connection string? (I’m supposing you stored it in app config) – Amir Rezaei Nov 14 '10 at 10:20
  • How is the application deployed? Will each user have a different connection string or is there one connection string for all? – Marnix van Valen Nov 14 '10 at 10:21

6 Answers6

9

Store it on your App.config file and always encrypt it. This link will show you how to encrypt parts of your configuration file.

Fernando
  • 4,029
  • 1
  • 26
  • 35
8

You could store connections strings in the configuration file. You may secure them if necessary.

Darin Dimitrov
  • 1,023,142
  • 271
  • 3,287
  • 2,928
  • if I add connect string to app.config - this safe my connect string ? – Mediator Nov 14 '10 at 11:49
  • Anyone who has access to this app.config can read the connection string which might contain sensitive information such as passwords. You could encrypt this section to increase security. – Darin Dimitrov Nov 14 '10 at 11:50
  • Access through the project? or undebagom? how to encrypt? – Mediator Nov 14 '10 at 12:09
  • The app.config file is deployed along with the executable, so anyone who has access to the working directory can open this file. As far as encryption is concerned, the article I've linked to in my answer contains extensive information on how this could be achieved. – Darin Dimitrov Nov 14 '10 at 12:21
  • 4
    -1. I would fire you for that. This file is one that gets Auto installed and uninstalled on updates. IT is the worst place yo uca n put it. You cn put the code into another file and reference it in there, or you an use your own config files, which is what every Project I have seen in the last 10 years does. – TomTom Dec 01 '12 at 08:05
  • If it's a web.config then connection strings are safe and hidden because the web file system shouldn't be browsable – Stephen York Jan 09 '18 at 22:24
2

Alternatively - the registry. The one place you do NOT store them is the app.config file (whatever.exe.config) as it is only in existence ONCE and the programs folder is not something users can change. Per user settings should never be there.

TomTom
  • 61,059
  • 10
  • 88
  • 148
1

If the application is running on a server, I'd recommend the machine.config file and encrypt it in the same manor Fernando recommended. If the application is going to be distributed then app.config is where I would store them.

roto
  • 677
  • 6
  • 11
0

You could use the visual studio settings / properties that are available when using visual studio. They are pretty simple to use, and if you use a user setting it is saved in the app data directory for the user, so it is semi-hidden away from tinkering. Then all you'd have to do is some form of encryption to lock it down completely if you so wanted.

I think the best thing about visual studio settings is the ease of use.

Lukas
  • 1,699
  • 1
  • 16
  • 49
mike
  • 3,146
  • 5
  • 32
  • 46
0

Well I always follows one practice. When ever I do some thing in SL or WPF, I always put Service layer between SL/WPF and database.

Echilon
  • 10,064
  • 33
  • 131
  • 217
Singleton
  • 3,701
  • 3
  • 24
  • 37