Reputation: 167
securing app.config - VB.Net 3.5
I'm using Visual Studio 2008 Pro to create a VB Winform App. I have some custom configuration settings as well as a MS SQL connection string in my app.config file.
- What is the best method to insure that no one can read these settings in the app.config?
- Are there any other area's that would have the connection string in plain text that I might want to consider securing as well?
Thank you!
Upvotes: 4
Views: 2750
Answers (3)
Reputation: 73584
Check this article out
http://guy.dotnet-expertise.com/PermaLink,guid,b3850894-3a8e-4b0a-aa52-5fa1d1216377.aspx
Edit
It may not be as easy as everyone else is saying. I'm not sure if things have changed, but this article outlines challenges actually faced by someone trying this, and the final solution, which worked.
Upvotes: 1
Reputation: 43855
One method to protect your app.config is to encrypt it from prying eyes. Check out this article on Encrypting Passwords in a .NET app.config File or this one on Encrypting the app.config File for Windows Forms Applications.
In response to part two of your question: memory! Unencrypted data can hang around in unprotected memory until the Garbage Collector picks it up. So for that reason you'll want to look at using the SecureString class whenever you deal with passwords, connection strings and the like. The first article touches on this point.
Upvotes: 7
Reputation: 1039268
There's a post explaining how to encrypt settings in app.config file.
Upvotes: 0
Related Questions
- Password-protecting encrypted web.config sections using aspnet_regiis
- how to secure app.config, while it is intended to be used on several machines?
- App.config connection string Protection error
- Deployment of encrypted app.config
- Protect central app.config
- Windows Form App Code Security
- How to protect WinForms ConnectionString
- Can we encrypt the entire config file?
- App.Config Security in WPF
- Securing passwords in config problem