Re: VB2005 - Secure Access to SQL Server through Application Only

As a further note, it does not appear you can edit the connection string within the context of the application; it is considered a read-only property. Is there any way to get around this?

Matt wrote:
I guess I don't understand how to make myself clear here. I understand how to manipulate strings. My question is when I should be modifying the connection string (do I need to modify it when the application starts up and then change it back when I quit, or do I just need to modify something once?) and is there any way to insert something into the string to make it use an application role? It may seem simple to everyone else, but if someone could take the time to give a clear explanation rather than just saying "see this" or "see that", I would greatly appreciate it. It seems odd to me that it should be this challenging to securely connect two systems that were theoretically designed to work together.

Thanks,
Matt

Stephany Young wrote:
Have a look at the String class for methods that provide mainuplation functionality.

Also have a look at the various Encryption classes.


"Matt" <breakthrough@xxxxxxxxxxxxxxxx> wrote in message news:ORaJyh4WGHA.4652@xxxxxxxxxxxxxxxxxxxxxxx
VJ,
Even if I am able to encrypt the password and user ID in the file on the client side, how would I tell the application to decrypt them each time it needed to access the database? Since it automatically tries to handle opening and closing connections based on the connection string, I would need some way to inject the UID/Pass into the string. Do you have any specific tutorials you could forward me to?

Many thanks,
Matt

Vijay wrote:
I would go with SQL Server authentication and try to store the ID/PWD encrypted on the client side within a XML, text file.. whatever maybe your choice or comfort.. There are several examples how to encrypt/decrypt strings with 2003/1.1 you can easily apply the same to 2005 ...Or might even be easier in 2005/.NET 2.0

VJ


.

Relevant Pages

  • Re: Connection string stored in registry
    ... The thing is, i dont wanna now whats best, like encryption, or a global ... has the ability to read a connection string directly from a registry ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Encryption of Connection String
    ... I don't think ANY encryption is applied to the string by default. ... > Do you know what level of encryption IS applied to the connection string? ... >> to the SQL Server via SQL authentication the password is only ...
    (microsoft.public.sqlserver.security)
  • Multipart connectionstring question
    ... I’ve got an asp.net site that contains an access database. ... running the same app both on my machine and my host without making changes. ... How could one even use a server.mappath with a database connection string? ...
    (microsoft.public.dotnet.general)
  • Installer - Custom Textboxes in UI problem
    ... void Install function. ... I've tested it by writing the string out to a text file ... put the connection string and I intend to test the db connectivity and write ... throw new InstallException("The database conection information is not ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: Accessing mdb file via VB code
    ... None of the previous installs re-registers etc worked but I got it fixed ... If any of you know why my string would not work, ... You need a connection string like: ... Some people report it as happening to an entire new suite of boxes. ...
    (microsoft.public.vb.general.discussion)