Sql connection security

Question

0.00/5 (No votes)

See more:

Hi friends,

I use the code bellow to connect to my database on my website:

C#

string tempstr = "Data Source=" + "72.55.---.---" + ";Initial Catalog=-------;Integrated Security=False;Persist Security Info=True;User ID=" + "MYUSER" + ";Password=" + "MYPASS";

SqlConnection con = new SqlConnection(tempstr);
con.Open();

Is it secure enough ? or someone who is not professional hacker can capture the username and the password which is sent from his/her computer to my database !?

thanks in advance.

Posted 23-Feb-13 3:00am

Mohamad77

Add a Solution

2 solutions

Solution 1

I've never really worried too much about that because the ConnectionString is in compiled code on my web server. However, if you are really that concerned, write a small program to encrypt your ConnectionString creating a Byte array of the encrypted ConnectionString that you can paste into your web site source code. In your web site source code, decrypt the encrypted ConnectionString before passing it to the SQL Server.

There are examples in the documentation. See TripleDESCryptoServiceProvider Class[^]

Posted 23-Feb-13 3:37am

Mike Meinz

Comments

Mohamad77 23-Feb-13 9:41am

thanks for the answer.
you mean that I shouldn't connect directly to sql server on my website? I should first connect to my webserver (HOW?!) then the server connect to sql server then answer it ?

Mike Meinz 23-Feb-13 10:41am

Your web server (web site) runs the code (ASP .NET DLL) that accesses the SQL server (database) to gather and update data. Your user's computer running a web browser connects only to your web server which then accesses the database on the SQL Server. The user's computer running the web browser does not connect to the SQL Server (database).

Mohamad77 23-Feb-13 23:08pm

yes, right.
But the user computer doesn't run web browser, he run windows application (WinForm) which is written by C# for example.
thanks anyway.

Mike Meinz 24-Feb-13 7:37am

Your original question said website. Which is correct?

Solution 1 can be used for WinForm app, too.

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Tharaka MTR · Accepted Answer · 2013-02-23T03:38:00

Solution 2

you can encrypt your connection string

Check following
http://msdn.microsoft.com/en-us/library/89211k9b(v=vs.80).aspx[^]
Encrypting the app.config File for Windows Forms Applications[^]

Posted 23-Feb-13 3:38am

Tharaka MTR

Comments

Mohamad77 23-Feb-13 23:19pm

Thanks a lot.