Posted 25 Jun 2009

Remove the security credentials from a connection string

This might save you 15 minutes and avoid the embarrassment of returning your 'sa' password to your customers along with an error message.


This is a noddy app with a method to remove the security credentials from a database connection string.


It's the sort of thing that you have to write over and over wherever you go and is always more time consuming than you would think.

Using the code

Feel free to use this - add more security qualifiers if you like too - at present, the example only hits user, uid, pwd, and password.

The main method is as follows - so no need to download the code:

using System; // for StringComparison; the field and method below live inside your class

string m_DatabaseConnectionString = 
  "Data Source=MYHAPPYHAPPYDB\\SQLEXPRESS;Initial Catalog=JoyJoy;user=sa;password=W@nk3r";

// Returns inString with the credentials in any embedded copy of the
// connection string replaced by *HIDDEN*.
private string RemoveConnectionStringSecurity(string inString)
{
    string[] securityQualifiers = new string[] { "user", "uid", 
                                      "password", "pwd" };
    string retStr = m_DatabaseConnectionString;

    foreach (string qualifier in securityQualifiers)
    {
        // Case-insensitive search, so "Password=" and "PWD=" are caught too
        int keyStart = retStr.IndexOf(qualifier + "=",
                                      StringComparison.OrdinalIgnoreCase);
        if (keyStart >= 0)
        {
            // Remove Security Qualifier
            int valueStart = keyStart + qualifier.Length + 1;
            int valueEnd = retStr.IndexOf(';', valueStart);
            if (valueEnd >= 0)
            {
                retStr = retStr.Substring(0, valueStart)
                        + "*HIDDEN*"
                        + retStr.Substring(valueEnd);
            }
            else
            {
                // Last element and no terminating ';'
                retStr = retStr.Substring(0, valueStart)
                  + "*HIDDEN*";
            }
        }
    }

    return inString.Replace(m_DatabaseConnectionString, retStr);
}
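
An added example, not the author's code: a more general variant that redacts credential key=value pairs found anywhere in a message (for instance an exception message), so it still works when the embedded connection string is not an exact copy of the one you hold. The class name, the keyword list and the sample messages are assumptions constructed for illustration.

```csharp
using System;
using System.Text.RegularExpressions;

public static class ConnectionStringRedactor
{
    // Keyword, '=', then a value that is double-quoted, single-quoted
    // (doubled quotes are escapes), or unquoted up to the next ';' or line end.
    // The keyword list is an assumption; extend it for your provider.
    private static readonly Regex CredentialPair = new Regex(
        @"\b(?<key>user\s*id|user|uid|password|pwd)(?<eq>\s*=\s*)" +
        @"(?<val>""(?:[^""]|"""")*""|'(?:[^']|'')*'|[^;\r\n]*)",
        RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);

    // Returns text with every credential value replaced by *HIDDEN*.
    // Key names and the rest of the message are preserved for diagnostics.
    public static string Redact(string text)
    {
        if (string.IsNullOrEmpty(text))
        {
            return text;
        }
        return CredentialPair.Replace(text,
            m => m.Groups["key"].Value + m.Groups["eq"].Value + "*HIDDEN*");
    }

    public static void Main()
    {
        // Constructed sample messages, not taken from a real system.
        string[] samples =
        {
            // Mixed case keys and a quoted value containing ';' and an escaped quote
            "Login failed. Connection: Data Source=DB01\\SQLEXPRESS;" +
                "Initial Catalog=Orders;User ID=app;Password=\"p;w\"\"d\";Timeout=30",
            // Short ODBC-style keys, credential is the last element with no ';'
            "Cannot open database. Server=db01;UID=app;PWD=example-secret",
            // Nothing to redact: 'superuser' must not match the 'user' keyword
            "Role superuser=true was rejected"
        };

        foreach (string sample in samples)
        {
            Console.WriteLine(Redact(sample));
        }
    }
}
```

Call `Redact` on the message at the point where it is logged or returned to the caller, so the original exception stays intact for internal handling.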


This article, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


About the Author

Simon Tagg
United Kingdom
No Biography provided


Comments and Discussions

Question: Wouldn't this have been easier?
Joe Programm3r, 25-Jun-09 7:43

Answer: Re: Wouldn't this have been easier?
Simon Tagg, 26-Jun-09 0:07
The point is that the connection string is often returned embedded in an exception message that is logged and/or returned to the user - therefore your way does not work.

Thanks anyway for the comment.

Article Copyright 2009 by Simon Tagg