保护ConnectionString

Question

i want to secure a connectionstring so it is not possible to "read" it out for any purpose.

at the moment i'm doing it like this and i know it is like the Windows Firewall, open in all directions...

private static string connStr = "server=localhost;user=MySuperSecretUser;database=MySuperSecretDatabase;port=3306;password=MySuperSecretPassword;sslMode=none;";
private static MySqlConnection conn = new MySqlConnection(connStr);
private static MySqlConnection conn2 = new MySqlConnection(connStr);

does anybody know how i can secure it so nobody is able to help me out here?

Answer 1

If you are using standard .Net. Follow below steps for encrypting the Connection String

Encrypting Web.Config

Step 1 Open Command Prompt with Administrator privileges

Step 2 At the Command Prompt, enter below command

cd C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319

Step 3:

In case your web Config is located in "D:\\Articles\\EncryptWebConfig" directory path, then enter the following to encrypt the ConnectionString. Please note that ConnectionString is case sensitive

ASPNET_REGIIS -pef "connectionStrings" "D:\\Articles\\EncryptWebConfig"

Accessing Decrypted Configuration Settings

ASP.NET automatically decrypts the contents of the Web.Config file when it processes the file. Therefore, no additional steps are required to decrypt the encrypted configuration settings.

string ConnString = ConfigurationManager.ConnectionStrings[1].ToString();

Answer 2

You can encrypt it, but if your code can use it, someone with access to the code can also decrypt it.

The solution I've seen is for the developers to restrict access to the code, and for the server admin team to restrict access to the config files.

The server admin team (who already know this information) use the encryption tool to set up the config file on the web server. The programmers can't access the config file and any hacker that reads the config file can't decrypt it.