0

I am going to send a C# project to a company for a test for application, but I realized I do not know something fundamental. I am using my website's sql server and when I send the project the person who will examine the code will see it.

Is there a way to hide it? In a dll or something?

Improve this question
11
  • Is it winforms or webforms ? Commented Jul 23, 2015 at 6:40
  • ConnectionStrings are personal to applications, I guess. Commented Jul 23, 2015 at 6:40
  • You can't just remove it from the app.config? Commented Jul 23, 2015 at 6:45
  • Can't you create a new user in SQL server with minimal permissions possible? Commented Jul 23, 2015 at 6:47
  • 1
    How would this person be accessing your SQL server, is it not located on your private network, and behind a firewall? Commented Jul 23, 2015 at 6:55

1 Answer 1

Reset to default
1

The solution is obviously to remove sensitive information from connection string somehow. I can think of two minimal effort ways:

  1. Use MSSQL's Windows integrated authentication. You'll need to run your application pool under account that has permissions on the database, but that way connection string won't contain username or password in it, just Integrated security=true;
  2. Remove connection string from all project files and add it only on pre build event. You can store it in a local file outside of project directory. If you store connection string in a web.config file, one way to transform it is through TransformXML.
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

If the OP wants to hide the credentials from whoever is doing debugging, only the first solution will work.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.