0

Recently I am working on an .Net project. We used EF to handle SQL, when we make an installer of the program, we realize that app.config is visible which mean that the connection string is not safe.

I am looking for a way to add connection string (or maybe secret code and username) to the EF so that the connection string is not visible.

Something like change old code from this

Using db As ConnectDb.adoSentoEntities= New ConnectDb.adoSentoEntities
                'TODO
End Using

to this

Using db As ConnectDb.adoSentoEntities= New ConnectDb.adoSentoEntities(ConnectionString)
                'TODO
End Using

But since we used connect code to SQL all over the place, changing every single line of code is not possible. There is a way I only need to add connection string once?

Aria
  • 3,724
  • 1
  • 20
  • 51
Minh Cht
  • 305
  • 2
  • 5
  • 13
  • ConnectionStrings section could be encrypted – Steve Feb 23 '19 at 09:16
  • https://learn.microsoft.com/en-us/dotnet/framework/data/adonet/connection-strings-and-configuration-files#encrypting-configuration-file-sections-using-protected-configuration – Mary Feb 24 '19 at 01:47

2 Answers2

1

You’d be better off encrypting the connection string section in the app.config. You wouldn’t need to make any changes. Storing any sort of configuration in an assembly can be read using a hex editor. It’s been answered on here before. Encrypting Connection String in web.config

You’d be better off using a trusted connection if you’re using SQL Server. The user running the app would need to have permissions and no username and password is required.

Adam Cruickshank
  • 56
  • 1
  • 3
  • Thank you very much i checked the first link of the marked answer, i am well aware of the encrypting method but the tricky part is how do i let EF get my decrypted connection string instead of the encrypted string? – Minh Cht Feb 24 '19 at 15:23
  • I mean it seem to me that that solution will put decrypted connection string back to app.config – Minh Cht Feb 25 '19 at 01:59
  • When I used it (with a VB6 dll calling a .net assembly’s the configuration manager knew it was encrypted and did the decryption for me. I’d expect EF to do the same. – Adam Cruickshank Feb 25 '19 at 18:33
0

Save connection string is settings of project properties.

  1. Go in project properties.
  2. Select settings.
  3. Add new setting as connection string and save connection string. Then you can use it for whole project.
Pooh
  • 19
  • 1
  • 7
  • Thank, now i only need a way to do it programmatically. i will check if it work, and i will mark your answer as the solution of this question – Minh Cht Feb 23 '19 at 10:49
  • 1
    I believe that ends up in the app.config – Mary Feb 24 '19 at 01:44