Reputation: 3035
Is it really possible to protect a connection string in app. config?
We want to protect the login information that is used to connect to our SQL Server database from a .NET windows application.
This information is stored as a connection string in an app.config file on the client PC.
Almost everywhere it is suggested you encrypt your connection string using
(ConnectionStringsSection)config.GetSection("connectionStrings").ProtectSection();
However, a malicious user that wants your database password, could just copy the encrypted config file, use it with it's own application, and call
(ConnectionStringsSection)config.GetSection("connectionStrings").UnprotectSection();
This will decrypt the connection string back to plain text.
Is there any way to really protect a database password in a .NET application that is stored on a user's PC?
EDIT: to further clarify the situation, we are indeed talking about a malicious user (read: competitor) that has access to the same PC and wants the password.
As a secondary measure, we first encrypt the password ourselves, save it to app.config and then call ProtectSection(). This will make Unprotect() output the encrypted password. But the user will still be able to decompile our code and figure out our encryption key and algorithm that is used...
Upvotes: 7
Views: 6587
Answers (2)
Reputation: 726479
a malicious user that wants your database password, could just copy the encrypted config file, use it with it's own application
This wouldn't work, unless the malicious user runs on the same computer, or has access to the encryption keys of your Protected Configuration Provider.
This is a reasonably strong protection, but if we suppose that web.config could be stolen, we must also suppose that the private key file could be stolen as well. Hence, protected option is "more secure" only in the sense that a kid next door would have harder time breaking it.
If your RDBMS is SQL Server, you could use its Integrated Security feature to avoid storing, and even creating, login credentials for the RDBMS.
Upvotes: 5
Reputation: 40858
All encryption uses a key to encrypt, and you need that key to decrypt.
The documentation of ProtectSection shows that it takes a parameter that specifies the encryption method. Two are mentioned in that article: DpapiProtectedConfigurationProvider and RsaProtectedConfigurationProvider.
Dpapi is machine-specific or user-specific (can only be decrypted on the same computer or by the same user). Rsa allows for a shared key that can be used on other computers, but you must actually have the key to decrypt.
So no, no one can just steal the .config file and call UnprotectSection() and expect it to work.
Upvotes: 1
Related Questions
- Encrypt connection string in app.config
- How to protect the connectionstring in web.config?
- SQL Connection String Security
- Protect central app.config
- How to protect WinForms ConnectionString
- Securing database connection strings
- How to protect web.config connection string from other developers?
- Is it safe to write connection string in web.config?
- Is there a need to secure connection string in web.config?
- ConnectionStrings in app.config. What about security?