469,649 Members | 1,202 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 469,649 developers. It's quick & easy.

Where to store database connection info???

Hi,
Currently im storing the connection info. in XML file on the C drive. the
only problem with this is that anybody can open and check the database name.
I know encryption can solve this problem but still im concerned whether this
is the right place to store connection info as in earlier project that was in
C++, we use to store the connection info. in registry but the problem with
this approach is that your application becomes windows dependent?? Any help
on this is highly appreciated.
Thanks in advance.
faktujaa
Jul 21 '05 #1
3 1584
Is it really *necessary* to hide the name of the server??? :confused: Its a
snap to find out what where the server is running. I guess the only reason to
hide is it you also have your passwords in there which isn't a good idea.

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Alex Korchemniy

"faktujaa" wrote:
Hi,
Currently im storing the connection info. in XML file on the C drive. the
only problem with this is that anybody can open and check the database name.
I know encryption can solve this problem but still im concerned whether this
is the right place to store connection info as in earlier project that was in
C++, we use to store the connection info. in registry but the problem with
this approach is that your application becomes windows dependent?? Any help
on this is highly appreciated.
Thanks in advance.
faktujaa

Jul 21 '05 #2
Hi,
U r right but i meant the entire connection info that will also contain user
id and password in case of oracle database. And now to main question, how
safe it is to store this info in a file on a C drive(ofcourse in the
encrypted format)??? Or is there any best alternative that im not aware
of???? plez help me security GURUS.
Thanks in advance,
faktujaa

"Alex Korchemniy" wrote:
Is it really *necessary* to hide the name of the server??? :confused: Its a
snap to find out what where the server is running. I guess the only reason to
hide is it you also have your passwords in there which isn't a good idea.

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Alex Korchemniy

"faktujaa" wrote:
Hi,
Currently im storing the connection info. in XML file on the C drive. the
only problem with this is that anybody can open and check the database name.
I know encryption can solve this problem but still im concerned whether this
is the right place to store connection info as in earlier project that was in
C++, we use to store the connection info. in registry but the problem with
this approach is that your application becomes windows dependent?? Any help
on this is highly appreciated.
Thanks in advance.
faktujaa

Jul 21 '05 #3
If you are going to encrypt the username and password you will have to store
the key somewhere anyway. Make sure your key is stored safely. Security by
obsurity means that someone can find the key and later use it to decrypt the
username and password.

---
This posting is provided "AS IS" with no warranties, and confers no rights.
Alex Korchemniy

"faktujaa" wrote:
Hi,
U r right but i meant the entire connection info that will also contain user
id and password in case of oracle database. And now to main question, how
safe it is to store this info in a file on a C drive(ofcourse in the
encrypted format)??? Or is there any best alternative that im not aware
of???? plez help me security GURUS.
Thanks in advance,
faktujaa

"Alex Korchemniy" wrote:
Is it really *necessary* to hide the name of the server??? :confused: Its a
snap to find out what where the server is running. I guess the only reason to
hide is it you also have your passwords in there which isn't a good idea.

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Alex Korchemniy

"faktujaa" wrote:
Hi,
Currently im storing the connection info. in XML file on the C drive. the
only problem with this is that anybody can open and check the database name.
I know encryption can solve this problem but still im concerned whether this
is the right place to store connection info as in earlier project that was in
C++, we use to store the connection info. in registry but the problem with
this approach is that your application becomes windows dependent?? Any help
on this is highly appreciated.
Thanks in advance.
faktujaa

Jul 21 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

2 posts views Thread by Bryan | last post: by
4 posts views Thread by Andrew | last post: by
1 post views Thread by rdemyan via AccessMonster.com | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.