Is it possible to hide the user id and password from source when the developer can trace the source?
Sorry for my bad English.
-
you mean when they look at your file where you entered the connection string?DerApe– DerApe2012-09-27 08:09:52 +00:00Commented Sep 27, 2012 at 8:09
-
similar questions: stackoverflow.com/questions/40853/… stackoverflow.com/questions/3425908/…Sga– Sga2012-09-27 08:14:12 +00:00Commented Sep 27, 2012 at 8:14
Add a comment
|
5 Answers
you should keep the connectionstrings in web.config file and then encrypt the web.config file so that the passwords are safe. you can find help on how to encrypt web.config file here http://msdn.microsoft.com/en-us/library/dtkwfdky(v=vs.100).aspx
1 Comment
Tim Schmelter
Just to clarify: the web.config is as safe as the server itself.
I'm guessing you are putting the connection string in the source code. If you are the first thing you should do is move it to the app.config / web.config file.
http://msdn.microsoft.com/en-us/library/ms254494(VS.80).aspx
If you are already using the app.config or web.config file can you give more details.
Comments
If using MS SQL you can use integrated auth and simply not have user name and password in the connection string:
Data Source=myServerAddress;Initial Catalog=myDataBase;Integrated Security=SSPI;
(sample copied from http://www.connectionstrings.com/sql-server-2008)
Comments
A way to not store the password in the source is to make it a part of the server environment (read from a file, store it into an environment variable, etc.)
2 Comments
Meysam Savameri
environment variable? How to?
MaxVT
By Googling "vb.net environment variable", I found this: msdn.microsoft.com/en-us/library/77zkk0b6.aspx
Encrypt the connection string, more details can be found here: Encrypting Configuration Information Using Protected Configuration and Securing Connection Strings
1 Comment
Meysam Savameri
but with trace the source i can see the password.
