Bheeshamteche

Reputation: 47

How to secure multiple connection strings in an application

I am creating a Windows Forms application using C#. My application has 6 connection strings. These load data from 6 databases. I want to secure these connection strings using encryption and decryption. I found many examples on Google, but these only work for one connection string. How can I secure my 6 connection strings?

Thanks

Upvotes: 0

Views: 455

Answers (2)

ryan1234

Reputation: 7275

I prefer to encrypt sections of my web.config to protect both the <appSettings> and the <connectionStrings>.

http://msdn.microsoft.com/en-us/library/dtkwfdky%28v=vs.100%29.aspx

If you have a build server running, you can have it encrypt the web.config so you can do local development with plain text and have the encrypted versions on production machines.

Upvotes: 0
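The section-level encryption described in this answer, applied to a Windows Forms app.config so that all six connection strings are protected in one pass. This is an added example, not code from ryan1234's answer; it assumes a project reference to System.Configuration.dll, and the entry name `SalesDb` is hypothetical.

```csharp
using System;
using System.Configuration; // needs a reference to System.Configuration.dll

static class ConnectionStringProtector
{
    // Built-in DPAPI-backed provider; the ciphertext is bound to the machine that wrote it.
    const string Provider = "DataProtectionConfigurationProvider";

    // Encrypts the whole <connectionStrings> section of <app>.exe.config in place,
    // so every entry in it is covered. Returns false if it was already protected.
    public static bool ProtectAll()
    {
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section == null)
            throw new ConfigurationErrorsException("No <connectionStrings> section found.");
        if (section.SectionInformation.IsProtected)
            return false;

        section.SectionInformation.ProtectSection(Provider);
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        ConfigurationManager.RefreshSection("connectionStrings");
        return true;
    }

    // Reading is unchanged: the configuration runtime decrypts transparently.
    public static string Get(string name)
    {
        ConnectionStringSettings s = ConfigurationManager.ConnectionStrings[name];
        if (s == null)
            throw new ConfigurationErrorsException("Unknown connection string: " + name);
        return s.ConnectionString;
    }
}

static class Program
{
    static void Main()
    {
        bool changed = ConnectionStringProtector.ProtectAll();
        Console.WriteLine(changed ? "Section encrypted." : "Section already encrypted.");
        // "SalesDb" is a hypothetical name; each of the six entries is read the same way.
        // Only the length is printed so the secret never reaches the console.
        Console.WriteLine(ConnectionStringProtector.Get("SalesDb").Length);
    }
}
```

Because the DPAPI provider binds the ciphertext to one machine, the encryption step has to run on the target machine (for example at first start or from the installer), and the process needs write access to the .exe.config file.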

rodrigogq

Reputation: 1953

There's no easy answer to your question. It really depends on how sensitive your information is and how much an attacker would want to get this information. The reason for this is simple: .NET applications can be decompiled easily (even the obfuscated ones).

That means if you store something encrypted, you would need to store an encryption key somewhere. By decompiling, an attacker could take possession of your encryption key and, no matter how good your algorithm is, it is just a matter of time before something is decrypted. So again, how sensitive is the information you are storing? Does it expire after some time? If not, how much protection do you want to have?

There's no good way to store sensitive information in an application that does not change its encryption key over time.

But if you believe your information is not that sensitive and that you could use an "easy" encryption, you could try looking at Rijndael encryption for .NET, and here is a link on how to use it, with some explanation of other encryption methods: http://www.codeproject.com/Articles/10154/NET-Encryption-Simplified

Symmetric algorithms provide a simple and good way of encryption for simple-purpose encryption/decryption - let's say you want to store miles run in a health sports application - but they are not safe if you are storing credit card numbers and passwords for databases with access to bank accounts, etc., with encryption that does not change over time. If your information is good enough, it is worth spending a whole year of computer processing to decrypt this information... so time is essential to your needs!

Hope this helps on your decision.

Upvotes: 1
