Managing ConnectionStrings (Securely)
Database-driven web applications and Windows applications normally store their connection-related information (often called ConnectionStrings) in standard INI files or registry entries. .NET applications have an edge since they have a predefined configuration file: web.config for web applications and app.config for Windows applications.
But the following daunting questions confront the user:
- How to build a connectionstring easily?
- How to securely store the connectionstring, since it contains the username, password and other sensitive information?
Here is a humble attempt to answer these questions.
How to build a connectionstring easily
- If you know the provider or driver you are going to use, you can hand-prepare the connectionstring based on the manual and/or documentation or samples in hand.
- Check out http://www.connectionstrings.com/. I guess this would be a very useful resource for developers worldwide, whatever connectionstring they need.
- You can easily build a connectionstring with a simple editor, such as the tool DanMeyar has provided.
How to secure the connectionstrings
- How to secure a connectionstring is a debated question. My other article on CodeProject also attempts to explain this. Check it out here.
- Trusted Connections: You can enable a Trusted Connection to the application's database for the account that runs your web application, such as the ASPNET account in SQL Server. Or you can use impersonation. Even Oracle now supports OS-integrated authentication. This way, you can avoid storing passwords in web.config.
- ASPNET_SetReg.exe: You can use this Microsoft-provided tool to encrypt and store credentials in the registry. More details are in Microsoft Support Article 329290.
I hope these will be very useful for developers of web applications and Windows applications.