By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
457,876 Members | 1,452 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 457,876 IT Pros & Developers. It's quick & easy.

most secure way to store sql connection information

P: n/a
Guys,

I am writing a database application(vb.net , sql server) and is presently
storing the connection settings in a xml file...not very secure though. What
is a safer method in a dynamic environment?

Dayne
Jul 21 '05 #1
Share this Question
Share on Google+
6 Replies


P: n/a
Dayne,

Why is it not secure,

It is better than the registry because you can set it for a lot of clients
in one time.
And when you want to keep it secret you can encode it.

Just my thought

Cor

I am writing a database application(vb.net , sql server) and is presently
storing the connection settings in a xml file...not very secure though.
What
is a safer method in a dynamic environment?

Dayne

Jul 21 '05 #2

P: n/a
Cor,

Do you have any sample of encoding/encrypting a connection setting in an XML
file?

I have played with CMAB
(http://msdn.microsoft.com/library/de.../html/cmab.asp)
for encrypting xml files. But (from what I saw at least), only the machine
that did the encryption could decrypt the file. (This would work OK for a
web app, where the IIS server would do it. But no so useful for Windows
apps installed on multiple machines.)

Am I just missing something?

Greg

"Cor Ligthert" <no************@planet.nl> wrote in message
news:et**************@TK2MSFTNGP10.phx.gbl...
Dayne,

Why is it not secure,

It is better than the registry because you can set it for a lot of clients
in one time.
And when you want to keep it secret you can encode it.

Just my thought

Cor

I am writing a database application(vb.net , sql server) and is presently
storing the connection settings in a xml file...not very secure though.
What
is a safer method in a dynamic environment?

Dayne


Jul 21 '05 #3

P: n/a
Greg,

CJ is in my opinion the encrypting expert from this newsgroup.

(However when you search for Rijndael on MSDN you find a lot of samples,
which you could not find before).

Cor

"Greg Burns" <greg_burns@DONT_SPAM_ME_hotmail.com>
Cor,

Do you have any sample of encoding/encrypting a connection setting in an
XML file?

I have played with CMAB
(http://msdn.microsoft.com/library/de.../html/cmab.asp)
for encrypting xml files. But (from what I saw at least), only the
machine that did the encryption could decrypt the file. (This would work
OK for a web app, where the IIS server would do it. But no so useful for
Windows apps installed on multiple machines.)

Am I just missing something?

Greg

"Cor Ligthert" <no************@planet.nl> wrote in message
news:et**************@TK2MSFTNGP10.phx.gbl...
Dayne,

Why is it not secure,

It is better than the registry because you can set it for a lot of
clients in one time.
And when you want to keep it secret you can encode it.

Just my thought

Cor

I am writing a database application(vb.net , sql server) and is
presently
storing the connection settings in a xml file...not very secure though.
What
is a safer method in a dynamic environment?

Dayne



Jul 21 '05 #4

P: n/a
I have tried something like this last year using registry and a wrapper class.
Please see my article here :
http://www.codeproject.com/dotnet/En...tionString.asp
Hope this helps.

"Dayne" wrote:
Guys,

I am writing a database application(vb.net , sql server) and is presently
storing the connection settings in a xml file...not very secure though. What
is a safer method in a dynamic environment?

Dayne

Jul 21 '05 #5

P: n/a
Greg,

I saw this searching for something, I do not like to give snipets myself
about encrypting and security.

http://groups.google.com/groups?selm...TNGP10.phx.gbl

I think this fits your question?

Cor
Jul 21 '05 #6

P: n/a
Cor,

Just tried it out. It does indeed work. I entrypted a value on one
machine, and a second was able to decrypt it.

Have no idea how secure it is, but it serves my needs.

Thanks!
Greg

"Cor Ligthert" <no************@planet.nl> wrote in message
news:%2****************@TK2MSFTNGP15.phx.gbl...
Greg,

I saw this searching for something, I do not like to give snipets myself
about encrypting and security.

http://groups.google.com/groups?selm...TNGP10.phx.gbl

I think this fits your question?

Cor

Jul 21 '05 #7

This discussion thread is closed

Replies have been disabled for this discussion.