connectionString security

Discussion of open issues, suggestions and bugs regarding ADO.NET provider for PostgreSQL
Post Reply
imre.dudas
Posts: 18
Joined: Thu 11 Mar 2010 20:36

connectionString security

Post by imre.dudas » Thu 11 Mar 2010 20:46

Hello,

How can be a ConnectionString stored safely? If it is stored in the source code, it can be disassembled e.g. by the Reflector software. If I store it in the proper session of the app.config, then the encripting process should be done on that computer, which I want to use. So the decrypted data have to be put on that computer. If I apply my own encrypt/decrypt processes, the key can be read again, when the code is disassembled. If I use public key, the data can be decoded.

What do you advise me to solve this problem?

The advices of Google and MSDN lead me till this point. I didn't find anything related neither on the Devart's homepage, nor in the forums, maybe I was not careful enough.

Best regards,
Imre

Shalex
Site Admin
Posts: 8247
Joined: Thu 14 Aug 2008 12:44

Post by Shalex » Fri 12 Mar 2010 14:10

Please refer to http://msdn.microsoft.com/en-us/library/89211k9b.aspx. We think that connection string parameters can be exposed at the client side in the debug mode even if you used some encryption method for storing connection string.

Post Reply