473,839 Members | 1,394 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Securing a Connection String Within A Class Library

Frinavale
9,735 Recognized Expert Moderator Expert
Hello everyone!

I'm having a problem securing my connection string.

There are a lot of sites out there that explain how to secure a connection string in the Web.config or App.config file; however, my connection string is being used within a Class Library (implemented with VB.NET), which doesn't have these files.

This class library is used by a web application to do all of my database manipulation so it is run under the ASPNET account. Because its run under this account the Integrated Security (Windows Authentication) option is not available to me.

I'm not really enthusiastic about trying to use impersonation to run my class library. I don't know if its even possible to do that it because its just a class library and not an application.

I have no idea how to secure my connection string.

Any suggestions are welcome because I am at a complete loss.

Thanks in Advance,

-Frinny
Mar 7 '07 #1
2 1584
Frinavale
9,735 Recognized Expert Moderator Expert
Here is an article that may help:
Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication or
How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI
I had read all of those before.

I ended up removing the connection string from the Dll and putting it into the web application's web.config. Then I was able to properly encrypt it.

I was advised to try and keep the connection string out of the web application but I don't see any other way to do this without a lot of pain.

Thanks for the help!

-Frinny
Mar 8 '07 #3

Sign in to post your reply or Sign up for a free account.

Similar topics

11
3444
by: Wm. Scott Miller | last post by:
Hello all! We are building applications here and have hashing algorithms to secure secrets (e.g passwords) by producing one way hashes. Now, I've read alot and I've followed most of the advice that made sense. One comment I've seen alot about is "securing the hashing routine" but no-one explains how to accomplish this. So how do I secure my hashing routine? Do I use code access security, role based security, ACLs, etc or combination?...
4
2770
by: Mark | last post by:
OK. Here we go. I have an ASP.NET application that does many hits to a SQL Server DB on a separate server. When I first created this application (2 years ago) and was very new to ASP/ASP.NET, to make the SQL connection string global throughout the application I created a .vb file within the application project and declared a public SQLConnection: Public ors_wnf As SqlConnection = New...
4
6737
by: Charlie | last post by:
Hi: I'm storing my dB connection in web.config file. Since it will be easily read by opening file, what is a good way to secure it? Thanks, Charlie
4
4165
by: Rahul Anand | last post by:
Getting SQL Exception when trying to implement Connection based Trasaction using SQL Helper class. I am using the follwing function to execute my stored procs: -=-=-=- ExecuteScalar(ByVal transaction As SqlTransaction, _ ByVal spName As String, _ ByVal ParamArray parameterValues() As Object)
3
2654
by: ad | last post by:
I have a web application which refer a class library project. The web application have a web.config and the class library project have a app.config. They all have connection string defined in them. I set both connection strings identical in VS2005. But after publish it to web site, I can just set the connection in the web application.
3
3945
by: ad | last post by:
I have a web application and a class library in a solution. The class library is make of typed datasets, and include many Table in it. The connection strings of the TableAdapters is come from the app.config of that class library. The Web application refer the class library, and the connection strings of WebApp is come from the web.config of it. It is ok in developing step, I can make both connection string identical in
5
2137
by: Matt | last post by:
Hello, What is the best way to handle the database connection string for a class library project that will be compiled and used as a .dll? This .dll will be accessed via classic ASP and in the future by ASP.NET pages. I have created a constant that contains the connection string (as shown below).
3
2451
by: Ryan Liu | last post by:
Hi, When i add a connection string FpConnStr from application setting UI in VS 2008, it ends with sth. like: <connectionStrings> <clear /> <add name="CapiInterviewer.Properties.Settings.FpConnStr" connectionString="data source=PowerCapiData" providerName="System.Data.SQLite" />
6
1372
by: CSharper | last post by:
We have a good size project and there we will connect to sql from different projects. What is the best practice to connect to sql? I am pretty sure, writing the hard coded is not a good solution. I could create class which could encapsulate all the tasks for the project and we create the instance and consume them in the project. But with this every time, I try to create a new instance I would end up creating a new sql connection. Do you...
0
9698
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language synchronization. With a Microsoft account, language settings sync across devices. To prevent any complications,...
0
10914
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. Here is my compilation command: g++-12 -std=c++20 -Wnarrowing bit_field.cpp Here is the code in...
0
10299
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the choice of these technologies. I'm particularly interested in Zigbee because I've heard it does some...
1
7834
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes instead of User Defined Types (UDT). For example, to manage the data in unbound forms. Adolph will...
0
7022
by: conductexam | last post by:
I have .net C# application in which I am extracting data from word file and save it in database particularly. To store word all data as it is I am converting the whole word file firstly in HTML and then checking html paragraph one by one. At the time of converting from word file to html my equations which are in the word document file was convert into image. Globals.ThisAddIn.Application.ActiveDocument.Select();...
0
5684
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in the same network. But I'm wondering if it's possible to do the same thing, with 2 Pfsense firewalls...
1
4495
by: 6302768590 | last post by:
Hai team i want code for transfer the data from one system to another through IP address by using C# our system has to for every 5mins then we have to update the data what the data is updated we have to send another system
2
4071
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
3
3136
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating effective websites that not only look great but also perform exceptionally well. In this comprehensive...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.