Re: Securing Connection string
From: Andrea Montanari (andrea.sqlDMO_at_virgilio.it)
Date: 05/08/04
- Next message: Andrea Montanari: "Re: OSQL is Unable to see SQL Server and MSDE 2000 on the same machine"
- Previous message: Dominique: "error.log invalid protocol specified"
- In reply to: qa: "Securing Connection string"
- Next in thread: qa: "Re: Securing Connection string"
- Reply: qa: "Re: Securing Connection string"
- Messages sorted by: [ date ] [ thread ]
Date: Sat, 8 May 2004 16:04:22 +0200
hi,
"qa" <anonymous@discussions.microsoft.com> ha scritto nel messaggio
news:571615C9-5EE7-431A-B509-87E66E1D1ECE@microsoft.com...
> Hi,
>
> I am working on an vb.net win app and my connection string will be in the
app.config file. This
>connection string will have the username and password for conencting to my
MSDE instance as I do
>not anyone but my application to have access to my SQL Server instance and
the databases it has. 2
>questions about it:
>
> 1> How do I make sure that the username and password in the connection
string remain safe. I mean
>it is a viewable file. Is there any way to encrypt it. Is yes, then how
and where do you recommend I
>save the key.
>
you have to encrypt your way, possibly using .Net encription features, else
the XML file will host the plain text....
I do not find this a good solution, becouse you resort to something similar
to an application role if all your users will login with te same
credentials... you loose the possibility to identify users and loose
eventually audit features...
> 2> I do not want anyone but my application to have access to my database.
How can I make sure that
>no one else, not even the admin can access it.
you can't... every WindowsNT login sith admin privilege, member of SQL
Server sysadmin server role, will be able to connect to your MSDE instance
and query/modify your data and your database structure...
you can protect your stored procedures/user functions code creating them
with WITH ENCRYPTION option, but your data will still be accessible, as long
as your tables structure.. if you wanto to protect data you have to resort
to self built encrytion algorithms and/or third parties tools like
http://www.activecrypt.com/index.htm
-- Andrea Montanari (Microsoft MVP - SQL Server) http://www.asql.biz/DbaMgr.shtm http://italy.mvps.org DbaMgr2k ver 0.7.0 - DbaMgr ver 0.53.0 (my vb6+sql-dmo little try to provide MS MSDE 1.0 and MSDE 2000 a visual interface) --------- remove DMO to reply
- Next message: Andrea Montanari: "Re: OSQL is Unable to see SQL Server and MSDE 2000 on the same machine"
- Previous message: Dominique: "error.log invalid protocol specified"
- In reply to: qa: "Securing Connection string"
- Next in thread: qa: "Re: Securing Connection string"
- Reply: qa: "Re: Securing Connection string"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
