Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I'm making a game with a login system which connect to a database, but my source code is not crypted and I worried about if someone decompile my program, he can get the SQL logins and wanted to know how prevent from that?
Since .NET Framework 2.0, there is a possibility of encrypting application configuration sections. However, it needs a bit of implementation.
Please refer to the following article.
https://msdn.microsoft.com/en-us/library/53tyfkaw(v=vs.110).aspx
Just another option... You can consider using "Integrated Security=SSPI" in your connection string. This will try to open connection to database with the user running your application main thread. However, this will require additional management on the SQL server side for permissions of the user but you won't be providing any usernames or passwords in your connection string.
And a note... Although i partially agree with Roblll with the comment on research, sometimes people need advice for the concept. If concept is not there and you are lost, you cannot share a line of code right? I think stackoverflow is a great platform to ask and learn from replies. So keep on asking... Do your homework and don't be shy! :)
Cheers
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I made a C# program with a login interface and used a SQL Server database. Can someone recover my database information by decompiling the EXE program generated?
Note: I interpret your question as someone who had the username and password for a database and has since lost it and is looking for a way to get it back. If your question was asked in the sense of "is it possible for a person to hack my program and read my connection string" then using the word "anyone" instead of "someone" would have made this more clear
Onto the answer:
Yes, "Someone" can, as long as that someone is you - we aren't here to do that for you
In an ideal world, no reverse engineering would be needed - just open the config file and read the connection string out of it. did you save your connection string in the config file?
If you hard coded it, use something like ILSpy to decompile your .net exe. Use of ilspy or similar decompilers is not difficult; most of them can work by you dropping the exe into the main window of the decompiler and then reading the code
Once you have the connection string you'll probably have the username and password if you didn't go to any extended means to hide them
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
Currently, we are developing a website open for public. we are paying great attention on security.
we have a lot of sensitive information on web.config, such as db connection string in , should we encrypt these db connection string information ? alternatively, should we encrypt the whole web.config file ?
Could anyone give me some idea that how hacker get the web.config information ?
The web.config is specifically excluded to be served by ASP.NET. You can't access that file unless you really screw up (that is: you can still read the file from disk of course and serve it yourself).
You do not need special protection for the outside world. The inside world can be as dangerous as the outside: if a lot of users have access to the web.config file from within your organisation, you might expose the username and password set in the connection string. It is better to use integrated security for that: you don't need usernames and passwords any more then. It doesn't get saver than that.
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 5 years ago.
Improve this question
I have a school Management system and school have more branches they say we should have one common db
and i think i will host my db but i dont know who i can make a connection wirh desktop application and online database
I think it's a terrible idea exposing your database to the internet. Much better solution would be to write a Web API that is exposed to the internet which both the web and desktop apps use to perform their tasks by interacting with the API.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I was wondering how I would go about retrieving a file in a way that wouldn't be shown (or at least somewhat encrypted) in a web debugger or similar tool (wireshark for instance). I am currently using FTP, but FTP has a couple security flaws such as username and password being viewable in a web debugger or in programs that have been created for getting FTP username and password. Would SFTP be any safer?
The important thing to remember here is that Wireshark/Fiddler/et al see every packet that moves through your card. If you have a legitimate need to hide traffic from the card (and I don't see how you could), you're looking at some drastic measures.
With that in mind, establishing a VPN link is likely your best bet. That makes all traffic through your card look pretty much the same, even the legitimate stuff. A simple HTTPS connection might help, too, but in this case you still leak that something was being downloaded, as well as the base domain name (not full URL). Failing that... don't use the card. Fall back to a serial connection or USB thumb drive.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
please tell me how to retrieve a data from online database(table)?. I just created a table in enter link description here
And I made a SQL database. And can anyone tell me how to retrieve a data from that?
It is strongly advised for you to not directly connect to a database straight from Xamarin for (at the very least) 2 distinctive reasons:
1. Your credentials for the database will be in your app code, meaning anyone can just decompile your app and read your login info - huge security risk.
2. By connecting to a online database straight from Xamarin you'll most probably overload the database server (they allow only a small number of connections).
Usually when you need data from a database you work with an API that you build yourself. For example A php site, or an ASP.NET web api.
Xamarin communicates with your web site (e.g. www.yoursite.com/api/getinformation). This way your credentials are safe in the website, and your app connects only to your site, which is better because you can cache information there, preventing an overload on your site.
Reading material that will help you:
Xamarin forum link to php+mysql+Xamarin
Consuming REST-API's with