encrypt SQL connectionstring c#
You should store your connection string in a config file and encrypt that section. See http://www.4guysfromrolla.com/articles/021506-1.aspx or http://msdn.microsoft.com/en-us/library/89211k9b%28VS.80%29.aspx.
There are two ways of doing it:
- You can use Configuration Secure Section to encrypt and decrypt connection strimng from your source code:
try{ // Open the configuration file and retrieve // the connectionStrings section. Configuration config = ConfigurationManager.OpenExeConfiguration(exeConfigName); ConnectionStringsSection section = config.GetSection("connectionStrings") as ConnectionStringsSection; if (section.SectionInformation.IsProtected) { // Remove encryption. section.SectionInformation.UnprotectSection(); } else { // Encrypt the section. section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider"); } // Save the current configuration. config.Save(); Console.WriteLine("Protected={0}", section.SectionInformation.IsProtected);}catch (Exception ex){ Console.WriteLine(ex.Message);}
- You can Enterprise Library Data Access Application Block to perform the encryption using
RSAProtectedConfigurationProvider
orDPAPIProtectedConfigurationProvider
.
For the full article go to --> http://msdn.microsoft.com/en-us/library/89211k9b(VS.80).aspx
No, you can only make it difficult
It is better to let the application use a special database login which only got access to the tables/procedures necessary.