0

I have an C# WPF programm written in C# with Visual Studio. In it there's an SQL Connect Class, which gets the ConnectionString from a config file:

ConnectionStringSettingsCollection SQLString =
        ConfigurationManager.ConnectionStrings;
        string connectionString = "";

        if (SQLString != null)
        {
            foreach (ConnectionStringSettings cs in SQLString)
            {
                connectionString = cs.ConnectionString;
            }
        }

        connection = new MySqlConnection(connectionString);

The Connection string is in a seperate config:

  <connectionStrings>
<add name="SQLServer"
 providerName="System.Data.ProviderName"
 connectionString="SERVER=my.domain;DATABASE=myDB;UID=myUser;PASSWORD=myPassword;" />

As far as I understand it, you shouldn't put passwords into the compiled code. I've hear that you can encrypt config files. How can I do this? Could someone provide a step by step example?

Thanks!

Tim
  • 143
  • 9
  • Anyone with the appropriate permissions on the target machine and file can decrypt the config again, so make sure that encrypting the config is what you're actually after. Instead of giving your application direct database access, consider making it call a web service, for example. – CodeCaster Dec 03 '18 at 13:18
  • Use Windows Authentication and you won't have to bother about usernames and passwords. Just add all allowed users to a Windows Group and give database permissions to that group – Panagiotis Kanavos Dec 03 '18 at 13:21
  • @PanagiotisKanavos My SQL Server is on Linux (Raspbian), can I still asign Windows Groups? – Tim Dec 03 '18 at 13:31

0 Answers0