Re: Security in windows forms apps

Tech-Archive recommends: Repair Windows Errors & Optimize Windows Performance

I did it both ways,


Design and programically.

From the looks of things if you dont use an obfusicator all litteral strings
are printed out in the exe.

SqlConnection con = new
SqlConnection(Properties.Settings.Default.MyConnectionString.ToString());

This is how I did it programmically in the app:

SqlConnection con = new SqlConnection("Data Source=MySQLDatabase;Initial
Catalog=TestDatabase;Persist Security Info=True;User
ID='myTestUser';Password=u2IC(~8xE%>82qP7J#");

It printed out my sql connection....

For all I know I might have a setting turned off or not on in vs2005 I will
keep checking but fusicator seems the only thing that encrypts it.

On another note since this is an internal app I am not too worried about it
but if I ever decide to distribute a database app its going to use web
services....

"Noah Sham" wrote:

T3Logic,

You need to ensure that your not setting these values at design time. If
you have set the connection string at design time in the IDE then those
strings will be in the compiled application.


"T3Logic" <T3Logic@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:99D09176-ED44-42F7-99BA-09E9ACA83193@xxxxxxxxxxxxxxxx
The quick solution to this problem is use a Obfusicator. Visual Studio
2003,
2005 come with a lite version.

Now I am going to spend a little time in regards to cracking the
Obfuscator
and see if it will work.

--


"T3Logic" wrote:

I have tried multiple methods of encrypting the connection string.
Everyone
has made it sound easy.

I have encrypted the connection string in the app.config file, code
behind,
etc.

Basically try this test.

Create a new app and just add a connection string. Add whatever
encryption
that you would like to use. Build the app. Go to the app's bin directory
and
rename the exe to .txt. So it will now be app.txt. Open up in notepad,
go
to the bottom of the file. You will see your connection string in text
all
nice an pretty.

Not secure. Same thing works in vb6.



.

Relevant Pages

  • Re: Saving Back-End Data As mdf
    ... complete code of a VB.NET console app. ... It's just an example to illustrate how a connection string is used. ... so it doesn't appear to be a problem with how or what I install. ... you access to the Microsoft Office Online Beta site'. ...
    (microsoft.public.access.formscoding)
  • Re: OODesign - OPF, design pattern
    ... I developed a Pocket PC app last year using the compact framework. ... Maybe my design is just very simple then, ... and its in the application layer not the business ...
    (borland.public.delphi.non-technical)
  • Re: OO design and programming...
    ... the decision was made to move everything over to SQL Server and to ... We spent well over $2MM to convert our app. ... design, and then shows you explicitly how to set up your 3 layers. ... The parent would be one class and the children would be yet ...
    (microsoft.public.dotnet.languages.vb)
  • Re: OO design and programming...
    ... Expert VB 2005 Business Objects. ... We spent well over $2MM to convert our app. ... design, and then shows you explicitly how to set up your 3 layers. ... used before such as vb.net, OO design, SQL server and Crystal!!! ...
    (microsoft.public.dotnet.languages.vb)
  • Re: OO design and programming...
    ... the decision was made to move everything over to SQL Server and to ... We spent well over $2MM to convert our app. ... design, and then shows you explicitly how to set up your 3 layers. ... The parent would be one class and the children would be yet ...
    (microsoft.public.dotnet.languages.vb)