Jeremy Griffin

Reputation: 107

Creating a Secure String to connect to a SQL Server

I currently have an application that connects to a database for user logins.

However, the password is all written in plain text.

This is something that I really don't want. I was wondering if there was any way of creating a SECURE connection string?

I understand that some people have answered this question before but all answers were made 2 years ago. I was wondering if anyone had any newer methods of doing this?

I have seen a lot of answers saying I should have the "trusted-user = true" tag on the connection string. If I'm correct in thinking, this allows a user to connect with their Windows password.

However, as I want this to be a login form for my C# application, does that mean I would have to trust every machine that connects to the database? This also seems a little insecure.

So I was wondering if there were any better methods of doing this?

Upvotes: 2

Views: 598

Answers (2)

Mr Moose

Reputation: 6354

I'd recommend using Windows authentication or Integrated Security for your database connection if you can. This does involve making sure that all users of your application are also set up as users in your database. Sometimes that isn't an option or desirable.

Failing that, I'd choose to have config file encryption so that credentials can't be viewed by a decompiler. This link provides some good information.

Upvotes: 0
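The config file encryption recommended in the answer above, as an added example that is not part of the original answer. It assumes a .NET Framework desktop application referencing System.Configuration, and the entry name `AppDb` and class name `ConnectionConfig` are hypothetical:

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;

static class ConnectionConfig
{
    // Assumed name of the <connectionStrings> entry; not from the original post.
    const string EntryName = "AppDb";

    // Encrypt the <connectionStrings> section of the app's config file in place.
    // DPAPI ties the ciphertext to this machine, so run this once per machine
    // (for example at install time or first start).
    public static void ProtectConnectionStrings()
    {
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection("connectionStrings");

        if (section == null || section.SectionInformation.IsProtected)
            return; // nothing to do, or already encrypted

        section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        ConfigurationManager.RefreshSection("connectionStrings");
    }

    // Reading is unchanged: ConfigurationManager decrypts transparently.
    public static SqlConnection Open()
    {
        ConnectionStringSettings entry = ConfigurationManager.ConnectionStrings[EntryName];
        if (entry == null)
            throw new ConfigurationErrorsException("Missing connection string: " + EntryName);

        var builder = new SqlConnectionStringBuilder(entry.ConnectionString)
        {
            Encrypt = true,                 // TLS on the wire
            TrustServerCertificate = false, // validate the server certificate
            PersistSecurityInfo = false     // do not expose the password after Open()
        };
        var connection = new SqlConnection(builder.ConnectionString);
        connection.Open();
        return connection;
    }
}
```

This keeps the credentials unreadable in the file on disk; code that runs on the same machine with access to the DPAPI key can still decrypt them, so the SQL login behind the entry should carry only the permissions the application needs.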

I A Khan

Reputation: 8869

Simply create a function and return your password from there. Don't use ConfigurationManager.ConnectionStrings["WingtipToys"].ConnectionString, because it can be viewed by any text file editor.

Use this:

string connectionString = "Server=myServerName\\myInstanceName;Database=myDataBase;User Id=" + myUsername() + ";Password=" + myPassword() + ";";

myUsername and myPassword are method names

Upvotes: 1
