Reputation: 1092
Secure connection string from winforms app to Azure SQL
I am working on upgrading an existing winform app with some mobile clients and would really like to put the SQL into Azure instead of the current local SQL solution. I would then change the connection string in the app.config file to point to Azure.
At present one of my biggest concerns is security and therefore I would like to secure the connection string (through encryption...) so that it can't be viewed locally in the app.config file.
Does anyone know how I should go about encrypting some or all of the app.config file to key the connection string our of sight. I have assumed that since Azure SQL uses SSL I don't need to worry too much about how secure it is when the request is actually being made from the winform app to Azure.
Any help much appreciated.
Jason.
Upvotes: 0
Views: 1770
Answers (2)
Reputation: 35733
Warning: this is not a save solution!
You can store your credentials in an encrypted file and then connect to the database by reading and decrypt the credentials from that file.
Tutorial on file encryption: look here
Connect to database:
string connectionString = myconnectionstringReadedFromFile;
//
// In a using statement, acquire the SqlConnection as a resource.
//
using (SqlConnection con = new SqlConnection(myconnectionstringReadedFromFile))
{
//
// Open the SqlConnection.
//
con.Open();
//.... your stuff
}
Upvotes: 0
Reputation: 42669
Having SQL Azure connectionstring in a app either on desktop or mobile makes no sense. The server become vulnerable as anyone can decrypt the connection string if your app can. Some other issues that i can think of would be
- Changing the SQL Server location become problematic as you have location available on each client config file.
- Rights management has to be done for each user who you want to provide database access.
You need to look at building an intermediate layer such as OData endpoint or Web API end point which involves a server framework like using ASP.Net.
Also look at Azure Mobile Services which can provision a database and a server component to support standard CRUD operation and host of other features.
Upvotes: 2
Related Questions
- Securely Connecting to SQL Azure
- Secure ConnectionString in WinForm Applications
- SQL Server secure connection using Windows Azure Connect
- Securing a connection string in an app settings for .NET Core 2.1 talking to SQL Azure database
- using securestring for a sql connection
- Creating a Secure String to connect to a SQL Server
- asp.net core mvc connection string
- How to establish secure connection string from on premises to SQL Azure Database
- Build SQL Connection string with integrated security for use over VPN?
- Protecting connection string from Man in the middle