Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I created an application in C# + WPF + MySQL. What is the best (safest) way to store database connection strings?
Store it on your App.config file and always encrypt it. This link will show you how to encrypt parts of your configuration file.
You could store connections strings in the configuration file. You may secure them if necessary.
Alternatively - the registry. The one place you do NOT store them is the app.config file (whatever.exe.config) as it is only in existence ONCE and the programs folder is not something users can change. Per user settings should never be there.
If the application is running on a server, I'd recommend the machine.config file and encrypt it in the same manor Fernando recommended. If the application is going to be distributed then app.config is where I would store them.
Well I always follows one practice. When ever I do some thing in SL or WPF, I always put Service layer between SL/WPF and database.
You could use the visual studio settings / properties that are available when using visual studio. They are pretty simple to use, and if you use a user setting it is saved in the app data directory for the user, so it is semi-hidden away from tinkering. Then all you'd have to do is some form of encryption to lock it down completely if you so wanted.
I think the best thing about visual studio settings is the ease of use.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
I tried many tricks from StackOverflow to Save & Update appSettings.json file but nothing working. Some snippets working only in Startup.cs only for read appSettings.json not for updating. Please help!
First of all, it's a bad idea to persist user settings into appsettings.json. The OS process executing your MVC app should never have write permission to this file for security reasons.
I would probably use a DB engine with ACID capabilities for this purpose. However, it could be ok to store such user settings in the file system - but in a separate file, at a safe location.
For example I'd create a folder named say App_Data in the application root folder, set write permission to it and place an adminsettings.json file into it. Then I'd use this file as my persistent storage for the said user settings.
Obviously, it would require some coding to make all this work. I put together a code sample for you which aims to reuse the configuration and options API of .NET Core. I think it exceeds the size acceptable here, so I made it available as a Gist.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
I have a number of projects developed in WinForms. Despite looking around on SO and other areas I've not really found a satisfactory answer.
The projects make use of the app.config and are deployed to multiple users using ClickOnce. Each physical install on a users machine will have both the deployed application as well as the app.config. The app.config holds credentials for a restricted account for a database.
Is it possible to encrypt data such as credentials for a Db connection in WinForms that is deployed to the masses? Some users work on laptops offsite, so a network connection wont always be available. I'm just trying to find out what the best practices are for securing a WinForms application might be in this scenario.
Of course you can save the credentials as an encrypted string in your app.config. SO provides some good examples on how to use the System.Security.Cryptography.Rijndael symetric algorithm.
This of course requires the same key to encrypt and decrypt the data. That key will be stored in the source code, and .NET sourcecode is not really save, everyone with the ability to use google and use a program with more than one button will be able to find it in the decompiled code and thus, it's only slightly more safe than just having the password not encrypted.
Most important is, that the credentials your app uses to access the database are only allowed to do what the app needs, so not like using SQL Management Studio to oben the DB and being able to reconfigure everything (Saw that once at a customer).
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 5 years ago.
Improve this question
Currently, we are developing a website open for public. we are paying great attention on security.
we have a lot of sensitive information on web.config, such as db connection string in , should we encrypt these db connection string information ? alternatively, should we encrypt the whole web.config file ?
Could anyone give me some idea that how hacker get the web.config information ?
The web.config is specifically excluded to be served by ASP.NET. You can't access that file unless you really screw up (that is: you can still read the file from disk of course and serve it yourself).
You do not need special protection for the outside world. The inside world can be as dangerous as the outside: if a lot of users have access to the web.config file from within your organisation, you might expose the username and password set in the connection string. It is better to use integrated security for that: you don't need usernames and passwords any more then. It doesn't get saver than that.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I need to develop a standalone windows application that will work offline. I have decided to implement it using C# and WPF.
However because the application database should be able to run without having to install Sql Server on the client's desktop, am not sure what's the best approach.
The concept is that i will develop the application give the executable to the client, install and run the application without any complexity of connecting database.
So far i am considering to use SQLite.
My question is what's the best solution to connect a database within the application.
SqlLite is the best option to go so as to have both the sql features
and also a offline db.
If the data is very, very simple, and you need
it to be readable by other applications or users (with appropriate
permissions), I would probably choose to store it in an XML file or
even a plain-text file inside the user's Application Data folder,
which would be obtained via Environment.GetFolderPath.
If you want to store files such as images,etc then you should go for
IsolatedStorage.
Use EntityFramework to connect to SQLite, my preference is always to use the code-first database so everythings managed from your C# code, I believe EF can be modified to implement INotifyPropertyChanged on your behalf which will help setting up your bindings in WPF.
XML shouldn't be used for anything except for configuration IMHO, it will soon be deprecated in favour of JSON, I'm sure of it, not that that really affects you.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
When you send an application to someone, using another computer, besides the application itself, do I have to send the Resources File too? And if I am using a DataBase do I have to send the Database.mdf file too? And what else would you have to send to make sure your application works on another computers?
Sorry if this question is a repeated one, but most of the others just ask for a single item, either the Resources or something else. But I would like to know about everything you have to send.
Thanks a lot !
it depends on your approach. i think you have a software with database and... that you want to sell and make it owrk on other users device. you can make you app make a new database on first start. you can include database files if its local and add to user app directory and... it all depends on you packaging method and tool.
or maybe you want let someone continue the project. so you can give other developer a back up .bak format or export database files from sql server management studio and other developer can attach them to the other machine project