How to safely save connection string in c# code?

Question

I'm creating a c# client to be installed on a third party server to allow an easy monitoring system.

This c# client would send info to us, and so, I thought to send data to a mongoDB server. Easily done, it works, but ...

But I'm not aware of how save in c# code or in app settings the connection string in a way that cannot simply be see in plain text using, for example, ilspy or similar.

I know that all is reversible, but is there a way to obfuscate a string or crypt it or what else to just be a bit more safer?

In S.o. I consulted the follows

Encrypt connection string in c# code : this refers to section.SectionInformation.IsProtected, but there is not the 'theory' so I've not idea of what is this; also linked msdn article lead to an old vs2015 retired document
C# WinForm application - How to save connection string (SQLite) : this question does not face the problem of how to hide plain text string but only how to save it
Encrypting/Decrypting connection string from C# code : it looks interesting but it refers only to web.config

You may also limit the power granted by this connection string to the strict minimum. — Drag and Drop, Nov 13 '18 at 07:49
I believe that there is no 100% Safe method, Older SQL Server version were vulnerable to a simple MITM, where you could intercept the login/password just by saying I don't want you to accept ssl. — Drag and Drop, Nov 13 '18 at 07:53

score 1 · Accepted Answer · answered Nov 13 '18 at 07:04

Well as you said it's all reversible so we've got that out of the way.

If you simply want to make it harder without going into much effort and there is no need to modify the string often, leave it out of the configuration and store it in code, then use a code obfuscator, a lot of them will obfuscate strings. For example Smartassembly will do that.

How to safely save connection string in c# code?

1 Answers1