Hide connection string.

Question

0.00/5 (No votes)

See more:

How to hide connection string information in web.config file in c#.net?
Please reply with an example.

[EDIT] changed the subject [/EDIT]

Posted 31-Jan-11 18:47pm

dev kapse

Updated 31-Jan-11 18:58pm

m@dhu

v3

Add a Solution

3 solutions

Solution 2

If you mean making web.config file invisible for system users, it would make in invisible for your application. If you make it visible for your application, it means any user having sufficient privileges will be able to read. You can only work-around it not having connection string at all in this file. For example, you could specially design ciphered storage (say, based on XML file), decode it on the fly and code assignment of you connection string programmatically in your application.

Can this idea help you?

—SA

Posted 31-Jan-11 18:55pm

Sergey Alexandrovich Kryukov

Updated 31-Jan-11 21:23pm

v4

Comments

RaviRanjanKr 1-Feb-11 1:00am

Excellent Idea SA

Sergey Alexandrovich Kryukov 1-Feb-11 1:18am

You mean deleting this? :-)

RaviRanjanKr 1-Feb-11 1:37am

No! SA
I read your answer and i think it can be a good idea to invisible web.config. that's why i voted 5

OriginalGriff 1-Feb-11 1:42am

Do you want me to delete this for you? You should be high enough level to do that yourself - have you not got a Red "X" near "Improve Answer"?
If you want it gone, just tell me, and I'll do the deed!

Sergey Alexandrovich Kryukov 1-Feb-11 2:47am

I actually requested to delete by this flag.
--SA

OriginalGriff 1-Feb-11 2:52am

If you mean the Red Flag at the bottom right of your answer: don't use that! It reports a message as inappropriate: I.e. as containing offensive or illegal material. Not what you want, either as a "spurious reporter" or as an author of such material.
Use the Red "X", or I'll do it for you if you don't have one - you certainly should have it, you rep is well good enough for that.

Sergey Alexandrovich Kryukov 1-Feb-11 2:57am

Please see my answer to your question below.
--SA

Sergey Alexandrovich Kryukov 1-Feb-11 2:56am

Oops. Thank you. I knew it's reporting, but I selected "Other" and commented that a better answer was put first (in, fact, at the time I was editing). Now I don't know. Do you think the answer makes sense, on top of the article on encryption referenced by Amit?
--SA

OriginalGriff 1-Feb-11 3:03am

I can see where you were going, and it does make some sense. But it is a bit "sledgehammer to crack a nut" in a way. Certainly, encryption is a better solution in that it is more obvious what is going on. Hiding web.config isn't that secure, and could confuse people - I frequently have multiple web.config files in different folders to restrict / permit access, and a hidden one in the root could cause a "huh?" moment or two.

Should your question be deleted? No, I don't think so. It's a valid solution; just not as "good" as encryption.

Sergey Alexandrovich Kryukov 1-Feb-11 3:22am

I agree. And I do see the downside. Confusing people about hidden string (I didn't say web.config, I meant a separate storage for whatever is secret) is a part of OP's requirement, in a way :-) Anyway, Amit pointed out more sensible solution; at the moment of writing I did not know exactly if it's feasible, but now I'm informed.
Based on your and Ravi's comments I would kept the answer -- what's said is said -- if possible of course.
--SA

Solution 3

Encryption will be the best approach to hide the information. Why the connection string kind of information stored in webconfig in, there is no need to compile the code again if its changed and its ease to access globally. If Encryption/Decryption method is followed be extra care while you changing the userid and password in the string.

And for example you can refer this article [^] . It may help you :)

Posted 31-Jan-11 19:00pm

Baji Jabbar

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Wild-Programmer · Accepted Answer · 2011-01-31T18:53:00

Solution 1

You can hide the connection string by encrypting it in web.config.

See it with example here http://msdn.microsoft.com/en-us/library/ms998283.aspx[^]

Posted 31-Jan-11 18:53pm

Wild-Programmer

Comments

Sergey Alexandrovich Kryukov 1-Feb-11 0:56am

It looks like a better suggestion - my 5.
--SA

RaviRanjanKr 1-Feb-11 0:59am

Nice Answer Amit.
take my 5

Pravin Patil, Mumbai 1-Feb-11 1:04am

Take my 5...

TweakBird 1-Feb-11 1:05am

Good link.

Wild-Programmer 1-Feb-11 1:41am

Thanks everyone :)