Click here to Skip to main content
15,936,903 members
Articles / Programming Languages / C#

Remove the security credentials from a connection string

Rate me:
Please Sign up or sign in to vote.
1.00/5 (1 vote)
25 Jun 2009CPOL 22.8K   54   5   9
This might save you 15 minutes and avoid the embarrasment of returning your 'sa' password to your customers along with an error message.

Introduction

This is a noddy app with a method to remove the security credentials from a database connection string.

Background

It's the sort of thing that you have to write over and over wherever you go and is always more time consuming than you would think.

Using the code

Feel free to use this - add more security qualifiers if you like too - at present, the example only hits user, uid, pwd, and password.

The main method is as follows - so no need to download the code:

C#
string m_DatabaseConnectionString = 
  "Data Source=MYHAPPYHAPPYDB\\SQLEXPRESS;Initial Catalog=JoyJoy;user=sa;password=W@nk3r";

private string RemoveConnectionStringSecurity(string inString)
{
    string[] securityQualifiers = new string[] { "user", "uid", 
                                      "password", "pwd" };
    string retStr = m_DatabaseConnectionString;

    foreach (string qualifier in securityQualifiers)
    {
        if (retStr.IndexOf(qualifier + "=") > 0)
        {
        // Remove Security Qualifier
            try
            {
                retStr = retStr.Substring(0, 
                         retStr.ToLower().IndexOf(qualifier + "=") + 
                         qualifier.Length + 1)
                        + "*HIDDEN*"
                        + retStr.Substring
                        (
                            retStr.ToLower().IndexOf(qualifier + "="),
                            retStr.Length - retStr.ToLower().IndexOf(qualifier + "=")
                        ).Substring
                        (
                            retStr.Substring
                            (
                                retStr.ToLower().IndexOf(qualifier + "="),
                                retStr.Length - retStr.ToLower().IndexOf(qualifier + "=")
                            ).IndexOf(";")
                        );
            }
            catch
            {
            // Last element and no terminating ';'
                retStr = retStr.Substring(0, 
                  retStr.ToLower().IndexOf(qualifier + "=") + qualifier.Length + 1)
                  + "*HIDDEN*";
            }
        }
    }

    return inString.Replace(m_DatabaseConnectionString, retStr);
}

License

This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


Written By
United Kingdom United Kingdom
This member has not yet provided a Biography. Assume it's interesting and varied, and probably something to do with programming.

Comments and Discussions

 
QuestionEF Connection String doesn't work with SqlConnectionStringBuilder Pin
jvonsatan22-Dec-14 6:14
jvonsatan22-Dec-14 6:14 
QuestionRegEx version Pin
Member 1049628631-Dec-13 0:11
Member 1049628631-Dec-13 0:11 
GeneralMy vote of 1 Pin
Joe Programm3r25-Jun-09 6:44
Joe Programm3r25-Jun-09 6:44 
QuestionWouldn't this have been easier? Pin
Joe Programm3r25-Jun-09 6:43
Joe Programm3r25-Jun-09 6:43 
AnswerRe: Wouldn't this have been easier? Pin
Simon Tagg25-Jun-09 23:07
Simon Tagg25-Jun-09 23:07 
QuestionWouldn't DbConnectionStringBuilder be easier to use? Pin
Peter Rosconi25-Jun-09 6:21
Peter Rosconi25-Jun-09 6:21 
AnswerRe: Wouldn't DbConnectionStringBuilder be easier to use? Pin
Simon Tagg25-Jun-09 23:28
Simon Tagg25-Jun-09 23:28 
GeneralMy vote of 1 Pin
Andre Sanches (alvs)25-Jun-09 6:18
Andre Sanches (alvs)25-Jun-09 6:18 
GeneralRe: My vote of 1 Pin
Simon Tagg25-Jun-09 23:09
Simon Tagg25-Jun-09 23:09 

General General    News News    Suggestion Suggestion    Question Question    Bug Bug    Answer Answer    Joke Joke    Praise Praise    Rant Rant    Admin Admin   

Use Ctrl+Left/Right to switch messages, Ctrl+Up/Down to switch threads, Ctrl+Shift+Left/Right to switch pages.