If I want to make a C# login form, with a Mysql databse which provides the userdata, in c#, i would say it's unsafe to write the database password, database username and database name in the connection string. Am i right? And is there another way like a webserver which will connect to the database and check if userdata is right?
3
-
Well if you use another service to do the login, wont that have the access credentials somewhere in the connection string?RiggsFolly– RiggsFolly2016-10-25 14:40:50 +00:00Commented Oct 25, 2016 at 14:40
-
Possible duplicate of C# SQL Database Windows Form Login SystemClint– Clint2016-10-25 14:58:13 +00:00Commented Oct 25, 2016 at 14:58
-
1@Clint that reference Link is for msft sql-server. And Tom can you please improve your question because right now it is quite unclear and is not helping much to keep it around. In other words if you are using Apache or something then .NET is not too relevant in some of the answers belowDrew– Drew2016-10-25 16:23:23 +00:00Commented Oct 25, 2016 at 16:23
Add a comment
|
2 Answers
You should store such things in a configuration file. .NET has the option to use encryption in web.config / app.config.
https://msdn.microsoft.com/en-us/library/ms254494(v=vs.110).aspx#Anchor_2
Comments
Either way you will have to provide those credentials. You can pass them in connection string in your code (OR) can have those maintained in web.config or app.config file in which case you can actually encrypt the password and have the encrypted value mentioned in connection string.
