Re: protecting login information
From: Mike Labosh (mlabosh_at_hotmail.com)
Date: 10/27/04
- Next message: Peter Proost: "Re: crystal reports unreleased connections"
- Previous message: Derek Martin: "Re: Getting the user's DN"
- In reply to: Bob: "protecting login information"
- Messages sorted by: [ date ] [ thread ]
Date: Wed, 27 Oct 2004 10:42:32 -0400
> Right now in order to protect SQL Server login information I have it
> hard-coded into my application. I don't exactly like that, but I can't
> figure out a way to store it elsewhere since the application itself has to
> go find it, with the users credentials. So I was thinking about creating a
> little utility to cypher the login and password and store it in a plain
> text
> file; the app would be able to decrypt it and use it but users wouldn't be
> able to decode it at all. Is this a good way to protect login info? I
> don't
> want to reinvent the wheel, so I ask here.
Sure, you could do that. For example, America Online Instant Messenger
stores passwords for auto-login in the registry as a cyphered string.
You could also store your cypher as a key in your App.config file next to
your connection string key and use
System.Configuration.ConfigurationSettings.AppSettings to get the password
cypher, uncypher it and append it to your connection string at runtime.
If you can use Windows Authentication with your SQL Server, I think that's a
lot better, because then you don't have to worry about it.
-- Peace & happy computing, Mike Labosh, MCSD "I have no choice but to believe in free will."
- Next message: Peter Proost: "Re: crystal reports unreleased connections"
- Previous message: Derek Martin: "Re: Getting the user's DN"
- In reply to: Bob: "protecting login information"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
