Click here to Skip to main content
13,143,008 members (54,306 online)
Rate this:
Please Sign up or sign in to vote.
Hi friends,

I use the code bellow to connect to my database on my website:

string tempstr = "Data Source=" + "72.55.---.---" + ";Initial Catalog=-------;Integrated Security=False;Persist Security Info=True;User ID=" + "MYUSER" + ";Password=" + "MYPASS";
SqlConnection con = new SqlConnection(tempstr);

Is it secure enough ? or someone who is not professional hacker can capture the username and the password which is sent from his/her computer to my database !?

thanks in advance.
Posted 23-Feb-13 3:00am
Rate this: bad
Please Sign up or sign in to vote.

Solution 2

Mohamad77 23-Feb-13 23:19pm
Thanks a lot.
Rate this: bad
Please Sign up or sign in to vote.

Solution 1

I've never really worried too much about that because the ConnectionString is in compiled code on my web server. However, if you are really that concerned, write a small program to encrypt your ConnectionString creating a Byte array of the encrypted ConnectionString that you can paste into your web site source code. In your web site source code, decrypt the encrypted ConnectionString before passing it to the SQL Server.

There are examples in the documentation. See TripleDESCryptoServiceProvider Class[^]
Mohamad77 23-Feb-13 9:41am
thanks for the answer.
you mean that I shouldn't connect directly to sql server on my website? I should first connect to my webserver (HOW?!) then the server connect to sql server then answer it ?
Mike Meinz 23-Feb-13 10:41am
Your web server (web site) runs the code (ASP .NET DLL) that accesses the SQL server (database) to gather and update data. Your user's computer running a web browser connects only to your web server which then accesses the database on the SQL Server. The user's computer running the web browser does not connect to the SQL Server (database).
Mohamad77 23-Feb-13 23:08pm
yes, right.
But the user computer doesn't run web browser, he run windows application (WinForm) which is written by C# for example.
thanks anyway.
Mike Meinz 24-Feb-13 7:37am
Your original question said website. Which is correct?

Solution 1 can be used for WinForm app, too.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

  Print Answers RSS
Top Experts
Last 24hrsThis month

Advertise | Privacy |
Web03 | 2.8.170915.1 | Last Updated 23 Feb 2013
Copyright © CodeProject, 1999-2017
All Rights Reserved. Terms of Service
Layout: fixed | fluid

CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100