Using the database first approach and the app config that stores the entire connection string, what is the best practices approach to handling an encrypted password or an entire encrypted connection string? I've read in other places about creating another constructor for the context that passes in a connection string but wanted to see if there was a better way. I want to avoid having to micro manage model classes in this way and looking for something more streamline
-
See stackoverflow.com/questions/8760048/…Steve Greene– Steve Greene2016-12-12 18:31:27 +00:00Commented Dec 12, 2016 at 18:31
-
Steve, that solution proposes to make changes to the model class. as soon as the model is updated from the database, it overwrites changes made to those classes. As my question stated, i'm looking to avoid having to micro manage model classes, especially ones that warn you that manually modifying them will be overwritten on code regeneration.user1041887– user10418872016-12-12 19:05:34 +00:00Commented Dec 12, 2016 at 19:05
-
Send the password un-encryted as POST data usiong a HTTPS connection.zaph– zaph2016-12-12 19:34:36 +00:00Commented Dec 12, 2016 at 19:34
-
It's a windows applicationuser1041887– user10418872016-12-12 20:04:29 +00:00Commented Dec 12, 2016 at 20:04
-
1What models are you referring to? Lots of ways to handle securing a connection string and passing it into the EF context. Why not just store an encrypted password in your app.config and replace it in code (ConnectionStringBuilder) before passing it to the context? msdn.microsoft.com/en-us/library/cc716760(v=vs.110).aspxSteve Greene– Steve Greene2016-12-12 20:23:56 +00:00Commented Dec 12, 2016 at 20:23
|
Show 1 more comment