> Right now in order to protect SQL Server login information I have it
hard-coded into my application. I don't exactly like that, but I can't
figure out a way to store it elsewhere since the application itself has to
go find it, with the users credentials. So I was thinking about creating a
little utility to cypher the login and password and store it in a plain
text
file; the app would be able to decrypt it and use it but users wouldn't be
able to decode it at all. Is this a good way to protect login info? I
don't
want to reinvent the wheel, so I ask here.
Sure, you could do that. For example, America Online Instant Messenger
stores passwords for auto-login in the registry as a cyphered string.
You could also store your cypher as a key in your App.config file next to
your connection string key and use
System.Configur ation.Configura tionSettings.Ap pSettings to get the password
cypher, uncypher it and append it to your connection string at runtime.
If you can use Windows Authentication with your SQL Server, I think that's a
lot better, because then you don't have to worry about it.
--
Peace & happy computing,
Mike Labosh, MCSD
"I have no choice but to believe in free will."