connectionString security

Discussion of open issues, suggestions and bugs regarding ADO.NET provider for PostgreSQL
Post Reply
imre.dudas
Posts: 18
Joined: Thu 11 Mar 2010 20:36

connectionString security

Post by imre.dudas » Thu 11 Mar 2010 20:46

Hello,

How can be a ConnectionString stored safely? If it is stored in the source code, it can be disassembled e.g. by the Reflector software. If I store it in the proper session of the app.config, then the encripting process should be done on that computer, which I want to use. So the decrypted data have to be put on that computer. If I apply my own encrypt/decrypt processes, the key can be read again, when the code is disassembled. If I use public key, the data can be decoded.

What do you advise me to solve this problem?

The advices of Google and MSDN lead me till this point. I didn't find anything related neither on the Devart's homepage, nor in the forums, maybe I was not careful enough.

Best regards,
Imre
Top
Shalex
Site Admin
Posts: 9543
Joined: Thu 14 Aug 2008 12:44

Post by Shalex » Fri 12 Mar 2010 14:10

Please refer to http://msdn.microsoft.com/en-us/library/89211k9b.aspx. We think that connection string parameters can be exposed at the client side in the debug mode even if you used some encryption method for storing connection string.
Top
Post Reply

Return to “dotConnect for PostgreSQL”