1

I created an application that uses SQLite I was instructed in another question to NOT hard code my DB Name
So after learning to store the DB Name in the App.config folder and followup reading New issues have reared the ugly question "Is the DB Name really hidden just because it is in the App.config"
So I opened a test project that I created an EXE file for and I can see the values in the App.config file

Now after reading numerous posts about Encryption of the App.config file I am lost
I am NOT trying to encrypt the entire App.config file
I am NOT trying to encrypt a connecting string unless that is the only option
If I encrypt the DB Name do I need to UN-encrypt it make it available at run time?
This is a WinForms project with VB

I am asking how to preform both function encrypt and UN-encrypt the DB Name?
 Here is the App.config file

configuration
startup
supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.7.2"
startup
appSettings
add key="dbName" value="Notes.db"
appSettings
configuration

Here is the Sub that loads the DB Name

 Public Sub readAppConfig()

    Try
        Dim appSettings = ConfigurationManager.AppSettings
        Dim result As String = appSettings("dbName")
        If IsNothing(result) Then
            result = "Not found"
        End If
        gv_dbName = result.ToString.Trim
    Catch
        tbMessage.Text = "ERROR"
    End Try
End Sub
Vector
  • 3,066
  • 5
  • 27
  • 54
  • app.settings.dbName = EncryptedStringValue, then Dim dbName as string = Decript(app.settings.dbname) Encryption antilogarithm and implementation is up to you – Hursey Jul 30 '20 at 21:30
  • @Hursey Encryption antilogarithm are we talking SHA values? And I see two lines of code here Encrypt and Decrip Call Decrip before I read the value and Encryption is called when I am hand coding the appSettings – Vector Jul 30 '20 at 21:39
  • 1
    Use whatever algorithm you want, I would recommend AES, plenty of tutorials around how to use that. Really all you need to do is encrypt a string and save the encrypted string to your appconfig in the exact same what you're already doing it – Hursey Jul 30 '20 at 22:24
  • @Hursey So Ineed to know how to write a string to App.config That means I can NOT copy and paste the code to the App.config – Vector Jul 30 '20 at 23:05
  • Why do you need to hide the database name? If encryption is required, it's generally for the credentials used to log into the database and, in particular, the password. – jmcilhinney Jul 31 '20 at 00:13
  • 1
    Sure you can, you just need the encrypted string. Little console app to encrypt it, then copy and paste it into your project settings then at runtime you just retrieve the encrypted string as you get dbName now, just decrypt it when building your connection string – Hursey Jul 31 '20 at 00:16
  • @jmcilhinney You said I should not be Hard Coding my DB Name in another post So that might be the WHY so lets say IF I can not encrypt a TEXT Word how will I know how to encrypt a Username and Password I am all eyes I am NOT being lazy here just a little push in the correct direction – Vector Jul 31 '20 at 00:19
  • @Hursey Trying this link https://stackoverflow.com/questions/49509701/how-to-update-app-settings-key-value-pair-dynamically-on-app-config-file-in-c-sh The accepted answer I did convert it to VB – Vector Jul 31 '20 at 00:26
  • 3
    Not hard-coding something is not the same as hiding it. I don't know what thread you're referring to so I don't know what was said and why but one reason to store the database name in the config file is specifically so that it can be edited by hand after deployment, so encrypting it would specifically prevent that. – jmcilhinney Jul 31 '20 at 00:50
  • Well I managed to change the dbName in the ConnectingString but not in the App.config file This post is old but it might provide some insight https://weblogs.asp.net/jongalloway/encrypting-passwords-in-a-net-app-config-file – Vector Jul 31 '20 at 01:32
  • 1
    Now that I kind of understand the problem a little better, I really think you're trying to solve the wrong problem here. As @jmcilhinney says, Hard coding values is very different to encrypting them regardless of what it's used for. I think what jmc is meaning is don't back yourself into a corner by writing environmental dependent variables into your code. – Hursey Jul 31 '20 at 04:14
  • @Hursey If I wanted to hid or obfuscate The DB name where would be the ideal way to do than OR is it not worth the time? – Vector Aug 01 '20 at 23:45
  • 1
    Not worth the time. DB names are pretty publicly visible via tools like Management studio and smo – Hursey Aug 02 '20 at 01:47

0 Answers0