Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I made a C# program with a login interface and used a SQL Server database. Can someone recover my database information by decompiling the EXE program generated?
Note: I interpret your question as someone who had the username and password for a database and has since lost it and is looking for a way to get it back. If your question was asked in the sense of "is it possible for a person to hack my program and read my connection string" then using the word "anyone" instead of "someone" would have made this more clear
Onto the answer:
Yes, "Someone" can, as long as that someone is you - we aren't here to do that for you
In an ideal world, no reverse engineering would be needed - just open the config file and read the connection string out of it. did you save your connection string in the config file?
If you hard coded it, use something like ILSpy to decompile your .net exe. Use of ilspy or similar decompilers is not difficult; most of them can work by you dropping the exe into the main window of the decompiler and then reading the code
Once you have the connection string you'll probably have the username and password if you didn't go to any extended means to hide them
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
Currently, we are developing a website open for public. we are paying great attention on security.
we have a lot of sensitive information on web.config, such as db connection string in , should we encrypt these db connection string information ? alternatively, should we encrypt the whole web.config file ?
Could anyone give me some idea that how hacker get the web.config information ?
The web.config is specifically excluded to be served by ASP.NET. You can't access that file unless you really screw up (that is: you can still read the file from disk of course and serve it yourself).
You do not need special protection for the outside world. The inside world can be as dangerous as the outside: if a lot of users have access to the web.config file from within your organisation, you might expose the username and password set in the connection string. It is better to use integrated security for that: you don't need usernames and passwords any more then. It doesn't get saver than that.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I was wondering how I would go about retrieving a file in a way that wouldn't be shown (or at least somewhat encrypted) in a web debugger or similar tool (wireshark for instance). I am currently using FTP, but FTP has a couple security flaws such as username and password being viewable in a web debugger or in programs that have been created for getting FTP username and password. Would SFTP be any safer?
The important thing to remember here is that Wireshark/Fiddler/et al see every packet that moves through your card. If you have a legitimate need to hide traffic from the card (and I don't see how you could), you're looking at some drastic measures.
With that in mind, establishing a VPN link is likely your best bet. That makes all traffic through your card look pretty much the same, even the legitimate stuff. A simple HTTPS connection might help, too, but in this case you still leak that something was being downloaded, as well as the base domain name (not full URL). Failing that... don't use the card. Fall back to a serial connection or USB thumb drive.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I'm building a C# application and would like to sell it for an audience. I would like to upload a database file into a website I own and give serial numbers to be verified first with this database file, once the database store the given serial and the first registered PC then it blocks this serial for other users.
Can anybody guide me on how to make such step during installation time? how I can connect to a remote database on a website to read and write?
Thank you for your time, really appreciate it.
If i understand you, this is what your looking for.
Using that you should be able to check a serial against the database.
One way to block the serials for repeated use is to couple a boolean "used" with a serial on each row. Then you can check both if the serial is found in the database, and if the boolean value is false.
Make sure to keep the input safe to prevent SQL injection.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I'm making a game with a login system which connect to a database, but my source code is not crypted and I worried about if someone decompile my program, he can get the SQL logins and wanted to know how prevent from that?
Since .NET Framework 2.0, there is a possibility of encrypting application configuration sections. However, it needs a bit of implementation.
Please refer to the following article.
https://msdn.microsoft.com/en-us/library/53tyfkaw(v=vs.110).aspx
Just another option... You can consider using "Integrated Security=SSPI" in your connection string. This will try to open connection to database with the user running your application main thread. However, this will require additional management on the SQL server side for permissions of the user but you won't be providing any usernames or passwords in your connection string.
And a note... Although i partially agree with Roblll with the comment on research, sometimes people need advice for the concept. If concept is not there and you are lost, you cannot share a line of code right? I think stackoverflow is a great platform to ask and learn from replies. So keep on asking... Do your homework and don't be shy! :)
Cheers
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
When you send an application to someone, using another computer, besides the application itself, do I have to send the Resources File too? And if I am using a DataBase do I have to send the Database.mdf file too? And what else would you have to send to make sure your application works on another computers?
Sorry if this question is a repeated one, but most of the others just ask for a single item, either the Resources or something else. But I would like to know about everything you have to send.
Thanks a lot !
it depends on your approach. i think you have a software with database and... that you want to sell and make it owrk on other users device. you can make you app make a new database on first start. you can include database files if its local and add to user app directory and... it all depends on you packaging method and tool.
or maybe you want let someone continue the project. so you can give other developer a back up .bak format or export database files from sql server management studio and other developer can attach them to the other machine project