connectionString security

connectionString security

Postby imre.dudas » Thu 11 Mar 2010 20:46

Hello,

How can be a ConnectionString stored safely? If it is stored in the source code, it can be disassembled e.g. by the Reflector software. If I store it in the proper session of the app.config, then the encripting process should be done on that computer, which I want to use. So the decrypted data have to be put on that computer. If I apply my own encrypt/decrypt processes, the key can be read again, when the code is disassembled. If I use public key, the data can be decoded.

What do you advise me to solve this problem?

The advices of Google and MSDN lead me till this point. I didn't find anything related neither on the Devart's homepage, nor in the forums, maybe I was not careful enough.

Best regards,
Imre
imre.dudas
 
Posts: 18
Joined: Thu 11 Mar 2010 20:36

Postby Shalex » Fri 12 Mar 2010 14:10

Please refer to http://msdn.microsoft.com/en-us/library/89211k9b.aspx. We think that connection string parameters can be exposed at the client side in the debug mode even if you used some encryption method for storing connection string.
Shalex
Devart Team
 
Posts: 7774
Joined: Thu 14 Aug 2008 12:44


Return to dotConnect for PostgreSQL