加密 SQL 连接字符串 C#
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/2160515/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
encrypt SQL connectionstring c#
提问by Tobi
I created an c# application (not asp webpage) which connects to a sql 2005 server. In my sourcecode the password and userid for this sql-server is coded plain text in ConnectionString.
我创建了一个连接到 sql 2005 服务器的 c# 应用程序(不是 asp 网页)。在我的源代码中,这个 sql-server 的密码和用户 ID 在 ConnectionString 中被编码为纯文本。
SqlConnection con = new SqlConnection();
con.ConnectionString =
"Data Source=server1;"+
"Initial Catalog=mydatabase;"+
"Integrated Security=no;"+
"User ID=admin;Password=mypassword;";
con.Open();
Is there a easy way to encrypt password or whole connectionstring, that other peoples who disassemble my tool are not able to see the password?
有没有一种简单的方法来加密密码或整个连接字符串,让其他反汇编我的工具的人看不到密码?
thanks
谢谢
回答by Jonas Lincoln
You should store your connection string in a config file and encrypt that section. See http://www.4guysfromrolla.com/articles/021506-1.aspxor http://msdn.microsoft.com/en-us/library/89211k9b%28VS.80%29.aspx.
您应该将连接字符串存储在配置文件中并加密该部分。请参阅http://www.4guysfromrolla.com/articles/021506-1.aspx或http://msdn.microsoft.com/en-us/library/89211k9b%28VS.80%29.aspx。
回答by Jonas Elfstr?m
You can encrypt sectionsin the app.config in the same way as web.config. MS calls it Protected Configuration. Since both the enrypted data and the key resides on the same machine it only makes it harder but in theory not impossible to get to the data.
您可以使用与 web.config 相同的方式加密app.config 中的部分。MS 称其为Protected Configuration。由于加密数据和密钥都位于同一台机器上,这只会增加获取数据的难度,但理论上并非不可能。
回答by adrianm
No, you can only make it difficult
不,你只能让它变得困难
It is better to let the application use a special database login which only got access to the tables/procedures necessary.
最好让应用程序使用一个特殊的数据库登录,它只能访问必要的表/过程。
回答by Bhaskar
There are two ways of doing it:
有两种方法可以做到:
1) You can use Configuration Secure Section to encrypt and decrypt connection strimng from your source code:
1)您可以使用配置安全部分来加密和解密源代码中的连接:
try
{
// Open the configuration file and retrieve
// the connectionStrings section.
Configuration config = ConfigurationManager.
OpenExeConfiguration(exeConfigName);
ConnectionStringsSection section =
config.GetSection("connectionStrings")
as ConnectionStringsSection;
if (section.SectionInformation.IsProtected)
{
// Remove encryption.
section.SectionInformation.UnprotectSection();
}
else
{
// Encrypt the section.
section.SectionInformation.ProtectSection(
"DataProtectionConfigurationProvider");
}
// Save the current configuration.
config.Save();
Console.WriteLine("Protected={0}",
section.SectionInformation.IsProtected);
}
catch (Exception ex)
{
Console.WriteLine(ex.Message);
}
2) You can Enterprise Library Data Access Application Block to perform the encryption using RSAProtectedConfigurationProvider or DPAPIProtectedConfigurationProvider.
2) 您可以在 Enterprise Library Data Access Application Block 中使用 RSAProtectedConfigurationProvider 或 DPAPIProtectedConfigurationProvider 来执行加密。
For a full articvle go to --> http://msdn.microsoft.com/en-us/library/89211k9b(VS.80).aspx
有关完整的文章,请访问 --> http://msdn.microsoft.com/en-us/library/89211k9b(VS.80).aspx
回答by balram
you can also store the UserName and Password in the Registry instead of storing in the config file. Read the Username and Password from registry when trying to connect to the database. Remember you have to Encrypt the Username and password while storing in the Registry and Decrypt the Username and Password while retrieving from the Registry.
您还可以将用户名和密码存储在注册表中,而不是存储在配置文件中。尝试连接到数据库时,从注册表中读取用户名和密码。请记住,您必须在存储在注册表中时加密用户名和密码,并在从注册表中检索时解密用户名和密码。
