Click here to Skip to main content
Click here to Skip to main content
Add your own
alternative version

Remove the security credentials from a connection string

, 25 Jun 2009 CPOL
This might save you 15 minutes and avoid the embarrasment of returning your 'sa' password to your customers along with an error message.
removecssecurity.zip
WindowsFormsApplication1
bin
Debug
WindowsFormsApplication1.exe
WindowsFormsApplication1.vshost.exe
WindowsFormsApplication1.vshost.exe.manifest
Properties
Settings.settings
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;

namespace WindowsFormsApplication1
{
    public partial class Form1 : Form
    {
        string m_DatabaseConnectionString = "Data Source=MYHAPPYHAPPYDB\\SQLEXPRESS;Initial Catalog=JoyJoy;user=sa;password=W@nk3r";

        public Form1()
        {
            InitializeComponent();
        }

        private void button1_Click(object sender, EventArgs e)
        {
            string message = "Blah blah blah [" + m_DatabaseConnectionString + "] blah";

            string tmpStr = RemoveConnectionStringSecurity(message);

            MessageBox.Show(message + "\r\n\r\n becomes \r\n\r\n" + tmpStr);
        }

        private string RemoveConnectionStringSecurity(string inString)
        {
            string[] securityQualifiers = new string[] { "user", "uid", "password", "pwd" };
            string retStr = m_DatabaseConnectionString;

            foreach (string qualifier in securityQualifiers)
            {
                if (retStr.IndexOf(qualifier + "=") > 0)
                {
                    // Remove Security Qualifier
                    try
                    {
                        retStr = retStr.Substring(0, retStr.ToLower().IndexOf(qualifier + "=") + qualifier.Length + 1)
                            + "*HIDDEN*"
                            + retStr.Substring
                            (
                                retStr.ToLower().IndexOf(qualifier + "="),
                                retStr.Length - retStr.ToLower().IndexOf(qualifier + "=")
                            ).Substring
                                (
                                    retStr.Substring
                                    (
                                        retStr.ToLower().IndexOf(qualifier + "="),
                                        retStr.Length - retStr.ToLower().IndexOf(qualifier + "=")
                                    ).IndexOf(";")
                                );
                    }
                    catch
                    {
                    // Last element and no terminating ';'
                        retStr = retStr.Substring(0, retStr.ToLower().IndexOf(qualifier + "=") + qualifier.Length + 1)
                            + "*HIDDEN*";
                    }
                }
            }

            return inString.Replace(m_DatabaseConnectionString, retStr);
        }

    }
}

By viewing downloads associated with this article you agree to the Terms of Service and the article's licence.

If a file you wish to view isn't highlighted, and is a text file (not binary), please let us know and we'll add colourisation support for it.

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Share

About the Author

Simon Tagg

United Kingdom United Kingdom
No Biography provided

| Advertise | Privacy | Mobile
Web01 | 2.8.141022.2 | Last Updated 25 Jun 2009
Article Copyright 2009 by Simon Tagg
Everything else Copyright © CodeProject, 1999-2014
Terms of Service
Layout: fixed | fluid