Connection string encryption tool
One of the problems that exists in database programming today is how to keep database Connection String information from prying eyes. There are generally 5 ways to attack this problem, each with some significant drawbacks. Before I begin, a note of clarification is in order: a true security measure would imply that the technique would provide reasonable protection against a hacker.
That is not the case here. Instead, this technique will merely obscure the information from all but the most determined users. Let's start at the beginning. Typically you store configuration-based information such as a Connection String in the application's "config" file.
This can be done by editing the "app. Note: If you created a strongly-typed dataset via the designer, then Visual Studio itself may have automatically created the Connection String entry in the Setting section of "My Project".
Using the example above, the resulting XML-based app. You can probably see why you wouldn't want to leave this information in an easily readable format. Anyone can view the contents of this text file and get all of the information they need such as the Server name, User ID and Password to gain direct access to the database.
Part of the problem is that your application actually lives in "two worlds". For this trick to work, we need to leave the Connection String as "clear text" during development, and only convert it to "obscure text" at run time. This is required because Visual Studio will use the "clear text" version of the Connection String whenever you make changes to the DataSet via the DataSet designer.
Luckily, Visual Studio provides separate configuration settings for each world. During the development environment, the configuration settings are stored in a file called "app. So that's where the custom "Build Event" comes in. The last part of the puzzle is to tell the application how to convert the "obscure text" back to "clear text".
We need a command-line utility that will be used inside Visual Studio as a custom Build Event to alter the application's config file every time the Visual Basic project is compiled. This application needs to have two command-line arguments. So, let's get started. Let's create a new console application called Base64Settings that converts clear text into Base64 encoded text. After you've compiled this program, you should copy it to a location on your PC so you can use it as a custom Build Event in another Visual Studio project (see Part 3).
Therefore, no additional steps are required to decrypt the encrypted configuration settings. You can run your existing application by encrypting your Web.Config file and it will run perfectly without any modification to your existing code. Isn't that interesting? Simply perform the following command to decrypt the connectionStrings element in the Web. You might ask me a question if Web.Config file can decrypt the content, right? To answer this question, I would say no, if you encrypt your Config file, then your machine would store your keys and if you copy the Config file to a different system and try to decrypt it, then you might get an error.
Config encryption only takes a couple moments and provides much more security than a clear-text file. It may not be enough to thwart a hacker that has full access to your entire server. I'm encrypting all my sensitive data stored in Web.Config after learning the concept of encryption. How about you?
Encrypt ConnectionString in Web.Config. Yamin Khakhu
Why It Is Important?
Before Encrypting Web.Config
If you look at the below Config file, it is easily readable.
For example, remove the values for core, master, security, and web:
Open the App Service and navigate to Settings, Configuration, and then in the Connection strings section, click New connection string. Add connection strings for all the databases that you want and click OK.