Skip to main content

Managing ConnectionStrings (Securely)

Managing ConnectionStrings (Securely)

Database driven webapplications and windows applications normally store the connection related info (which is often called as ConnectionStrings), into some standard INI or registry entries. .NET applications have an edge since they have a predefined configuration file like web.config or app.config for web or windows application respectively.

But the following daunting questions appear to the user:

  1. How to build a connectionstring easily?
  2. How to securely store the connectionstring since it has username, password and other sensitive info?

Here is a humble attempt to answer the queries to the user.

How to build a connectionstring easily

  1. If you know the provider or driver you are going to use, you can hand-prepare the connectionstring based on the manual and/or documentation or samples in hand.
  2. Check out For any connectionstrings, this, I guess would be a very useful resource for developers worldwide.
  3. You can easily build a simple connectionstring editor using a simple editor like using a tool like DanMeyar has given.

How to secure the connectionstrings

  1. Securing a connectionstring is a debated question. Perhaps my other article in CodeProject also attempts to explain this. Check it out here.
  2. Trusted Connections You can enable Trusted Connection for the account running your webapplication to the database of the application. Like ASPNET account in SQLServer for your database. Or you can use impersonation. Even Oracle now supports OS Integrated Authentication. This way, you can avoid storing passwords n web.config
  3. ASPNET_SetReg.exe: You can use this Microsoft provided tool to encrypt and store credentials in the registry. Check out more details from Microsoft Support Article 329290.

I hope these would be very useful for developers of web applications and windows applications.


Popular posts from this blog

Google NCR

Google NCRMost of you would be knowing about this trick in navigating to Google generic website. But I just came to know only a few days before and hence thought I would share the information with others too.
Whenever you type, Google automatically tries to redirect you to your country-specific website. For me, it always redirects to (Google India). But when we specifically want to navigate to Google Generic website for some reason, there are two ways to accomplish the same.Click the 'Go to' link at the bottom of the webpage that is displayed from prevent this redundant click, you can opt to type which would prevent the redirect from happening. The NCR stands for No Country Redirect. There is a brief discussion about this NCR over this forum.You may also like to check out Google help documentation regarding the country redirections from here.

Elegant 'MailTo' Replacement

Elegant 'MailTo' Replacement

MailTo tags have become a bane to all websites since spammers run spam robots which crawl the web to capture the email addresses, add to their catalogs and send spams to them. I just thought of sharing with others a simple JavaScript function which would trigger open the default email client instead of having mailto: embedded in the HTML Page.

Just have the following function included in your webpage

<script language='Javascript'>
function WriteMailTo(user,domain)
location.replace ('mailto:'+user+'@'+domain);

And whereever you want to invoke the mailto, just called WriteMailTo('user','') and the user's default email client should be launching (if configured) without any hassles.

Contacts import utility from Web2Project to Addressbook

I have been using Web2Project for planning my personal and professional tasks for a few years now. Now I have bifurcated the tools into the following:

Project PierAddress Book The only issue I had was to import my addressbook from Web2Project to AB. PP is a different animal. It does not serve as a comprehensive candidate for addressbook and hence I needed this bifurcation. 
I wrote up a following simple script to import the contacts to AB. The pre-requisite for this script is to hop on to PhpMyAdmin, export the contacts as a PHP array and then  modify the path in our import script to whatever you downloaded from PhpMyAdmin.
Our import script would explode the entries as SQL scripts into the browser window. Copy them and execute into PhpMyAdmin AB database to have the contacts imported.

Script URL: