If one has a connectionstring in one's application, is there a way to encrypt the information it contains?
The connection string is created using the SqlConnectionStringBuilder object.
Or is it 'acceptable' that sensitive information is sent in plaintext to the server?
well you can use AES for example, to encrypt the data, send the encrypted connection string to the database computer. on that computer you need to build a listener that is getting the encrypted connection string and then decrypt it and connect to server. you need to build a softwere between the database computer and the user computer if you want to encrypt\decrypt all the data, but for the ConnectionString that the way...(encrypt -> send it to the server to a listener -> decrypt)
Hope it helps. Amit.
Hope this helps.
Is it 'acceptable' that sensitive information is sent in plaintext to the server?
It depends on how much level of security you want for you application, as security critical apps might need encryption of the connection string.
Use encryption sparingly and judiciously though - there is a performance hit.
Edit: Changed the link, Linked to MSDN (more info)
Thanks
