0

I have a WPF app that uses a local MySQL server in the background.

The app will run on computers where I cannot ensure every user is a "good" user, and I have noticed that, once released, it is more than easy to decompile - exposing the connection string to the database.

I have read about encrypting configuration information using protected configuration, which seems to be the way to go, however I have had a hard time finding the information I need to implement such a solution in WPF.

How do I store my connection string safely, and how do I get it back into my C# files?

marc_s
Jannes
  • Did you see this post? https://stackoverflow.com/questions/30967437/securing-connection-string-in-wpf-not-asp-net-2-0 – abolfazl sadeghi Apr 22 '23 at 21:26
  • 2
    Even if you encrypt the connection string, malicious users may still be able to do a packet capture or a memory dump and see the credentials. A local database should only store the _current user's_ sensitive information. You can have a 'personal' database per user, in a location protected by the OS, and then a 'shared' database in a public location – Andrew Williamson Apr 23 '23 at 01:25
  • 1
    How and why do you install MySQL with your application? Users can just reset its root password and access it... Why is it a problem that a user can access their own data? Anything an application reads or writes can be inspected and modified by the user, just accept that fact. – CodeCaster Apr 23 '23 at 07:47
  • As @AndrewWilliamson said you have an architecture problem, it seems you have a two-layer application, this kind of application has a connection string hijacking issue, and encrypting the connection string at most makes accessing the connection string a little bit harder for the attacker. – Shahram Shobeiri Apr 23 '23 at 11:28
  • @CodeCaster the application will be used by local public swimming pools as an entry-control and tracking system. I will be installing all requisites personally, however the employees sitting at the register (using the software) shouldn't sniff around. The MySQL connection string is not that bad as it's mostly statistics, however the connection string to my SFTP server (for backups) also sits in code right now – Jannes Apr 23 '23 at 16:34

1 Answer

3

How do I store my connection string safely?

You can't. You can only obfuscate it.

Obviously you can encrypt a connection string in a client application. One very easy way would be to use an obfuscation program like .NET Reactor which has a simple option to encrypt all strings. If you want to use obfuscation, go for it. I'm a fan personally. This gives you as much protection (which is to say not much) as any other encryption method that might be suggested, but it can serve as a nuisance to the average user.

Just understand that when it comes to client applications - be it WPF, mobile, or web - anything that the client can access, the person who controls the client can also access. The client must always be assumed to be insecure and untrusted. It doesn't matter if it's programmed in an easy-to-decompile language like C#, or in C++ or assembly. By extension, if the users have local databases on their systems, those databases, too, are insecure. Even if they could somehow be prevented from seeing the connection string, they can get to them through other means.

The only way to protect data from client software is to keep it inaccessible except through a secure middleman that you control - e.g., a server. When the client authenticates, the server provides a short-lived token that lets the client access data during the session. When the session is over, the token stops working. In other words, you secure the connection to the database by ensuring the client never gets one; the middleman (the server) mediates all access. The only secret the client is entrusted with is a short-lived one-time token that you retain the power to invalidate at any time.

Even if your users are all behind a firewall in a secure on-prem network, you still can't let the client computers connect directly to the database if you want that data to remain secured. Sure, in the before times, you may have seen productivity apps that lived behind corporate firewalls connecting to SQL databases directly. Hardly anyone does this anymore, but if they do, it's because they have accepted the fact that anybody behind that firewall can access those databases with or without the client software.

I hope this helps and apologize if this doesn't directly answer your question. To me it's a matter of fundamental importance that all developers understand what perhaps should be the First Commandment of data security - thou shalt never entrust the client with something you want to keep secret.

Emperor Eto
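The short-lived, revocable session token the answer describes, as an added example that is not part of the original answer. The class name `SessionTokenService`, the `id|user|expiry|signature` token layout and the 15-minute lifetime are assumptions made for the illustration; the code targets .NET 6 or later and runs on the server, never in the WPF client.

```csharp
using System;
using System.Collections.Generic;
using System.Security.Cryptography;
using System.Text;

// Hypothetical server-side class: the signing key and database credentials stay here.
sealed class SessionTokenService
{
    private readonly byte[] _key = RandomNumberGenerator.GetBytes(32); // server-only key
    private readonly HashSet<string> _revoked = new();                 // revoked token ids
    private readonly TimeSpan _lifetime;
    public SessionTokenService(TimeSpan lifetime) => _lifetime = lifetime;

    // Call only after the user has authenticated; user must not contain '|'.
    public string Issue(string user, DateTimeOffset now)
    {
        string id = Convert.ToHexString(RandomNumberGenerator.GetBytes(16));
        string payload = $"{id}|{user}|{now.Add(_lifetime).ToUnixTimeSeconds()}";
        return payload + "|" + Sign(payload);
    }

    public void Revoke(string token) => _revoked.Add(token.Split('|')[0]);

    // Checked on every request before the server touches the database.
    public bool TryValidate(string token, DateTimeOffset now, out string user)
    {
        user = "";
        string[] p = token.Split('|');
        if (p.Length != 4 || !long.TryParse(p[2], out long exp)) return false;
        byte[] expected = Encoding.UTF8.GetBytes(Sign($"{p[0]}|{p[1]}|{p[2]}"));
        byte[] actual = Encoding.UTF8.GetBytes(p[3]);
        // Constant-time comparison rejects forged or altered tokens.
        if (!CryptographicOperations.FixedTimeEquals(expected, actual)) return false;
        if (now.ToUnixTimeSeconds() >= exp || _revoked.Contains(p[0])) return false;
        user = p[1];
        return true;
    }

    private string Sign(string payload) =>
        Convert.ToHexString(HMACSHA256.HashData(_key, Encoding.UTF8.GetBytes(payload)));
}

static class Demo
{
    static void Main()
    {
        var svc = new SessionTokenService(TimeSpan.FromMinutes(15));
        DateTimeOffset t0 = DateTimeOffset.UtcNow;
        string token = svc.Issue("register-1", t0); // constructed user name
        Console.WriteLine(svc.TryValidate(token, t0.AddMinutes(5), out _));       // within lifetime
        Console.WriteLine(svc.TryValidate(token + "0", t0.AddMinutes(5), out _)); // signature altered
        Console.WriteLine(svc.TryValidate(token, t0.AddMinutes(16), out _));      // past expiry
        svc.Revoke(token);
        Console.WriteLine(svc.TryValidate(token, t0.AddMinutes(5), out _));       // after revocation
    }
}
```

The client only ever holds the token string; a decompiled client yields no key and no connection string, and a leaked token stops working at expiry or on revocation.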