
Currently I have a C# console application which connects to a SQL database using Entity Framework 6. I have the database credentials (username, password, DB name, etc.) in the app.config file as a connection string. I understand that this is a security vulnerability, so I'd like to be able to take the database credentials as user input. I'd then like to connect to the database using what the user has entered. Is there a way to pass parameters into app.config? If not, what is the best way to accomplish this goal? Thanks!

CodeCaster
  • You could potentially make a user on the database whenever a new account is created and then use that user as a login user to your database in read-only mode. But this requires you to have one global login to add/remove users from the database. – mrogal.ski Jul 25 '17 at 08:16
  • I don't think that accomplishes what I want. I can't believe there's no way to make the user provide database credentials. Does everyone have their database credentials hardcoded into their config files? – user3440081 Jul 25 '17 at 08:21
  • There are plenty of ways of doing that. But the thing is we are not magicians... and if you want us to list all of the possible methods for you then you should go ask Google. Try something out, post the code which is causing issues and then somebody will help you. – mrogal.ski Jul 25 '17 at 08:25
  • @SoheilAlizadeh don't use `inline code` to highlight random terms, that doesn't improve readability. – CodeCaster Jul 25 '17 at 08:31
  • @codecaster ok, thanks for your notices. – Soheil Alizadeh Jul 25 '17 at 08:33

1 Answer


If securing the password in your connection string is a concern, you may consider encrypting the connectionStrings section in your app.config. There are several ways of doing it, but using the aspnet_regiis utility is the easiest. See here for some examples.

If you want to avoid storing passwords in app.config you should build the connection string in code with the inputs provided at runtime. The SO post mentioned in the comment by @fuchs777 explains how to do that.

Hintham
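A sketch of the runtime approach the answer describes, added here as an example and not taken from the answer or the linked post. It assumes a code-first EF6 context; `AppDbContext` and the prompts are hypothetical names, and `Encrypt = true` assumes the server presents a certificate the client trusts.

```csharp
using System;
using System.Data.Entity;      // EntityFramework 6 NuGet package
using System.Data.SqlClient;
using System.Text;

// Hypothetical code-first context; substitute your own DbContext.
public class AppDbContext : DbContext
{
    // EF6 overload that accepts an already-built connection.
    public AppDbContext(SqlConnection connection)
        : base(connection, contextOwnsConnection: true) { }
}

public static class Program
{
    // Reads a line without echoing the typed characters.
    private static string ReadPassword()
    {
        var buffer = new StringBuilder();
        ConsoleKeyInfo key;
        while ((key = Console.ReadKey(intercept: true)).Key != ConsoleKey.Enter)
        {
            if (key.Key == ConsoleKey.Backspace && buffer.Length > 0) buffer.Length--;
            else if (!char.IsControl(key.KeyChar)) buffer.Append(key.KeyChar);
        }
        Console.WriteLine();
        return buffer.ToString();
    }

    public static void Main()
    {
        var builder = new SqlConnectionStringBuilder();
        // Assigning through the builder escapes each value, so input such as
        // "x;Integrated Security=true" cannot inject extra keywords.
        Console.Write("Server: ");   builder.DataSource = Console.ReadLine();
        Console.Write("Database: "); builder.InitialCatalog = Console.ReadLine();
        Console.Write("Username: "); builder.UserID = Console.ReadLine();
        Console.Write("Password: "); builder.Password = ReadPassword();
        builder.PersistSecurityInfo = false; // password is not readable from the open connection
        builder.Encrypt = true;              // assumption: server certificate is trusted

        using (var db = new AppDbContext(new SqlConnection(builder.ConnectionString)))
        {
            Console.WriteLine(db.Database.Exists() ? "Connected." : "Database not found.");
        }
    }
}
```

A database-first (EDMX) context needs an Entity Framework connection string instead, which `EntityConnectionStringBuilder` can wrap around the same provider string.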