CODEWITHSUNDEEP
c#.netmysqlconnection-string
brux
brux

Reputation: 3230

c# mysql connectionstring question

Im working in c#, I'm using mysql .net connector to interact with a remote mysql db. Is it safe to include the connection string inside the code and work with the db directly through the command object or should I be posting to a php middle layer to hide the connection string?

Thanks in advance.

Upvotes: 0

Views: 763

Answers (2)

Piotr Salaciak
Piotr Salaciak

Reputation: 1663

In my opinion:

  1. You shouldn't put Your connection string directly in Your C# code if Your application could be decompiled = I mean WinForms application.

  2. If You are working on a Windows application, then try to implement a log-in window. Where user will pass his/her user name and password. This solution needs a mysql user or users for every person that would have access to the system.

  3. If Your are working on a web application, then put You connection string inside web.config file.

  4. If You are working on application with unrestricted access, then I think You should implement some layer... but remember, never pass SQL queries as plain text via network, as someone could sniff it. I would recommend some kind of webservice.

Upvotes: 2

Brian Hartsock
Brian Hartsock

Reputation: 86

Then the connection string is just stored in the PHP middleware layer, so what's the difference? It has to be stored somewhere.

I would keep it simple and store it in the app.config or web.config of the C# app your writing.

Couple notes about storing it: - Production connection strings should not be stored in version control. - A production configuration file should exist on the production servers with the connection string. - For added security, you can encrypt your connection string (http://msdn.microsoft.com/en-us/library/89211k9b(v=vs.80).aspx)

Upvotes: 1

Related Questions