Click here to Skip to main content
Rate this: bad
good
Please Sign up or sign in to vote.
Hi friends,
 
I use the code bellow to connect to my database on my website:
 
string tempstr = "Data Source=" + "72.55.---.---" + ";Initial Catalog=-------;Integrated Security=False;Persist Security Info=True;User ID=" + "MYUSER" + ";Password=" + "MYPASS";
 
SqlConnection con = new SqlConnection(tempstr);
con.Open();
 
Is it secure enough ? or someone who is not professional hacker can capture the username and the password which is sent from his/her computer to my database !?
 
thanks in advance.
Posted 23-Feb-13 4:00am
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 2

  Permalink  
Comments
Mohamad77 at 23-Feb-13 23:19pm
   
Thanks a lot.
Rate this: bad
good
Please Sign up or sign in to vote.

Solution 1

I've never really worried too much about that because the ConnectionString is in compiled code on my web server. However, if you are really that concerned, write a small program to encrypt your ConnectionString creating a Byte array of the encrypted ConnectionString that you can paste into your web site source code. In your web site source code, decrypt the encrypted ConnectionString before passing it to the SQL Server.
 
There are examples in the documentation. See TripleDESCryptoServiceProvider Class[^]
  Permalink  
Comments
Mohamad77 at 23-Feb-13 9:41am
   
thanks for the answer.
you mean that I shouldn't connect directly to sql server on my website? I should first connect to my webserver (HOW?!) then the server connect to sql server then answer it ?
Mike Meinz at 23-Feb-13 10:41am
   
Your web server (web site) runs the code (ASP .NET DLL) that accesses the SQL server (database) to gather and update data. Your user's computer running a web browser connects only to your web server which then accesses the database on the SQL Server. The user's computer running the web browser does not connect to the SQL Server (database).
Mohamad77 at 23-Feb-13 23:08pm
   
yes, right.
But the user computer doesn't run web browser, he run windows application (WinForm) which is written by C# for example.
thanks anyway.
Mike Meinz at 24-Feb-13 7:37am
   
Your original question said website. Which is correct?
 
Solution 1 can be used for WinForm app, too.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
0 OriginalGriff 330
1 Sergey Alexandrovich Kryukov 279
2 BillWoodruff 245
3 Afzaal Ahmad Zeeshan 215
4 CPallini 205
0 OriginalGriff 5,635
1 DamithSL 4,496
2 Maciej Los 3,942
3 Kornfeld Eliyahu Peter 3,480
4 Sergey Alexandrovich Kryukov 3,180


Advertise | Privacy | Mobile
Web04 | 2.8.141216.1 | Last Updated 23 Feb 2013
Copyright © CodeProject, 1999-2014
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100