In my WPF tool, there is database connection string like:

Server=myServerAddress;Database=myDataBase;User Id=abd;Password=xyz;

I give an exe file to users as the interface. We don't allow the user's Windows ID to have direct access to the database, so the WPF tool can't use Windows authentication. The connection string in the WPF tool contains the database username & password. If someone has the knowledge, he can use a tool like ILSpy to decompile the exe file and see the database connection string. I saw some tools that can obfuscate exe files, but they are not free and we don't want to use them. Is there any other way to protect the database username & password when we provide a WPF exe file?

ice7101
  • So, this is an in-house App? – Fildor May 17 '21 at 14:46
  • How motivated are the users? If the app needs to be able to decrypt it, ultimately an attacker *can* get the value - you can't really stop that (it is their machine; they could, for example, use low level debuggers and add a break point after any decrypt code you add, and inspect the values). Would using integrated security (SSPI / domain auth) work? (you can't steal a password if you don't *use* a password) – Marc Gravell May 17 '21 at 14:46
  • Another attack vector is a memory dump that might contain all the data. For that you can use a SecureString. – Wouter May 17 '21 at 23:46

2 Answers

The best way would probably be not to allow direct database access at all. Instead, create a network service that accepts requests from the application and forwards them to the database. This way the service can deal with authentication and permissions.

If this is not an option you might take a look at Securing a password in source code.

It is also probably way easier to just obfuscate the password rather than the whole application. Just encoding the string as a byte array and storing the array would make it a bit more difficult to simply extract with a decompiler. Adding some kind of 'encryption', even if it is just an XOR with a random array, would make it more difficult still. Note that this will not stop a skilled and determined attacker with admin permissions; for that you need some kind of external authentication.

JonasH
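The service approach from this answer, sketched as an added example (not code from the original answer or from the asker's tool): the database credential lives only in the service's configuration, the WPF client authenticates to the service with the user's Windows identity (so no password ships in the exe, as the comments above also suggest), and the service exposes only a narrow, parameterised query rather than raw database access. It assumes ASP.NET Core 6+ minimal APIs, the Microsoft.Data.SqlClient and Microsoft.AspNetCore.Authentication.Negotiate packages, a hypothetical dbo.Orders table and a hypothetical internal service URL.

```csharp
// ---- Service side (Program.cs of an ASP.NET Core project) ----
// Added example; assumes ASP.NET Core 6+, Microsoft.Data.SqlClient and
// Microsoft.AspNetCore.Authentication.Negotiate. The "Orders" table is hypothetical.
using Microsoft.AspNetCore.Authentication.Negotiate;
using Microsoft.Data.SqlClient;

var builder = WebApplication.CreateBuilder(args);

// Windows (Negotiate/Kerberos) authentication: the user's domain identity is checked
// by the service, so no password is needed on the client side at all.
builder.Services.AddAuthentication(NegotiateDefaults.AuthenticationScheme).AddNegotiate();
// Require an authenticated caller on every endpoint by default.
builder.Services.AddAuthorization(o => o.FallbackPolicy = o.DefaultPolicy);

var app = builder.Build();
app.UseAuthentication();
app.UseAuthorization();

// The database credential is read from server configuration (appsettings, environment,
// or a secret store) and never leaves the service process.
string connStr = app.Configuration.GetConnectionString("Db")
    ?? throw new InvalidOperationException("ConnectionStrings:Db is not configured");

// Narrow endpoint: the client can only ask for what this method exposes,
// and the query is parameterised so the caller cannot alter its SQL.
app.MapGet("/orders/{customerId:int}", async (int customerId) =>
{
    var results = new List<object>();
    await using var conn = new SqlConnection(connStr);
    await conn.OpenAsync();
    await using var cmd = new SqlCommand(
        "SELECT OrderId, Total FROM dbo.Orders WHERE CustomerId = @cid", conn);
    cmd.Parameters.AddWithValue("@cid", customerId);
    await using var reader = await cmd.ExecuteReaderAsync();
    while (await reader.ReadAsync())
        results.Add(new { OrderId = reader.GetInt32(0), Total = reader.GetDecimal(1) });
    return Results.Ok(results);
});

app.Run();

// ---- WPF client side (e.g. inside a view model) ----
// No connection string here: the request carries the user's Windows credentials
// to the service (UseDefaultCredentials), and the service talks to the database.
// The host name is a hypothetical internal address.
static async Task<string> FetchOrdersJsonAsync(int customerId)
{
    var handler = new HttpClientHandler { UseDefaultCredentials = true };
    using var http = new HttpClient(handler)
    {
        BaseAddress = new Uri("https://orders.internal.example/")
    };
    return await http.GetStringAsync($"orders/{customerId}");
}
```

Decompiling this client reveals only a service URL; the database account, and the permission checks, stay on the server where they can be audited and rotated without redistributing the exe.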
There is no bulletproof way to protect any code that is distributed from being decompiled.

You should always assume that any code you expose publicly can be decompiled and reverse engineered regardless of any obfuscation attempts you have made.

Therefore you should move any confidential information to a remote service that is protected by appropriate firewalls. Do not include any sensitive information in files that you distribute.

mm8