0

I am working on upgrading an existing winform app with some mobile clients and would really like to put the SQL into Azure instead of the current local SQL solution. I would then change the connection string in the app.config file to point to Azure.

At present one of my biggest concerns is security and therefore I would like to secure the connection string (through encryption...) so that it can't be viewed locally in the app.config file.

Does anyone know how I should go about encrypting some or all of the app.config file to keep the connection string out of sight? I have assumed that since Azure SQL uses SSL I don't need to worry too much about how secure it is when the request is actually being made from the winform app to Azure.

Any help much appreciated.

Jason.

1
  • You can store your credentials in an encrypted file and then connect to the database by reading that file. Commented Jan 17, 2014 at 15:20

2 Answers

2

Having a SQL Azure connection string in an app, either on desktop or mobile, makes no sense. The server becomes vulnerable, as anyone can decrypt the connection string if your app can. Some other issues that I can think of would be:

  • Changing the SQL Server location becomes problematic as you have the location available in each client config file.
  • Rights management has to be done for each user who you want to provide database access.

You need to look at building an intermediate layer such as an OData endpoint or Web API endpoint, which involves a server framework like ASP.NET.

Also look at Azure Mobile Services, which can provision a database and a server component to support standard CRUD operations and a host of other features.


0

Warning: this is not a safe solution!

You can store your credentials in an encrypted file and then connect to the database by reading and decrypting the credentials from that file.

Tutorial on file encryption: look here

Connect to database:

using System.Data.SqlClient;

// myconnectionstringReadedFromFile stands for the value decrypted from the file.
string connectionString = myconnectionstringReadedFromFile;

//
// In a using statement, acquire the SqlConnection as a resource.
//
using (SqlConnection con = new SqlConnection(connectionString))
{
    //
    // Open the SqlConnection.
    //
    con.Open();

    //.... your stuff

}

2 Comments

What's the point in making the encryption password/key as part of the Winform itself? It is not secured.
You can obfuscate it. Of course the writer should consider that the code can be decompiled. There is no 100% safe solution. Maybe this is enough.
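The "encrypted file" approach from the second answer, written with Windows DPAPI so that no key is embedded in the WinForms binary (the objection raised in the comment above). This is an added example, not code from either answer; the class name, file path and connection string are constructed placeholders. It keeps the file unreadable to other Windows accounts and other machines, but, as the first answer points out, anything that runs as the same user can decrypt it exactly as the app does.

```csharp
// Added example: names, path and connection string are constructed placeholders.
using System;
using System.IO;
using System.Security.Cryptography; // ProtectedData (System.Security.dll on .NET Framework)
using System.Text;

static class ConnectionStringStore
{
    // Hypothetical location under the current user's profile.
    static readonly string StorePath = Path.Combine(
        Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
        "ExampleApp", "conn.bin");

    // DPAPI encrypts with a key Windows derives from the user's logon credentials,
    // so no key or password is compiled into the application.
    public static void Save(string connectionString)
    {
        byte[] plain = Encoding.UTF8.GetBytes(connectionString);
        byte[] cipher = ProtectedData.Protect(plain, null, DataProtectionScope.CurrentUser);
        Directory.CreateDirectory(Path.GetDirectoryName(StorePath));
        File.WriteAllBytes(StorePath, cipher);
    }

    // Returns null when the blob cannot be decrypted, for example because the
    // file was copied to another Windows account or another machine.
    public static string Load()
    {
        try
        {
            byte[] cipher = File.ReadAllBytes(StorePath);
            byte[] plain = ProtectedData.Unprotect(cipher, null, DataProtectionScope.CurrentUser);
            return Encoding.UTF8.GetString(plain);
        }
        catch (CryptographicException) { return null; }
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample value, provisioned once at install or first run.
        ConnectionStringStore.Save(
            "Server=tcp:example.database.windows.net;Database=ExampleDb;" +
            "User ID=app_user;Password=placeholder;Encrypt=True;");
        string loaded = ConnectionStringStore.Load();
        Console.WriteLine(loaded != null ? "decrypted for this user" : "not decryptable");
    }
}
```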
