Encrypting connection string


Feb 16, 2005
Programming Experience
In my application, there is a connection string to the database.
Is there any way I can prevent people from knowing the actual connection string (especially from admin people who know actually know the code of the program)?

Below are the ways I thought of but they all seem to have flaw:
1) save in the registry (admin ppl know which registry it's saved at and can easily find out)
2) save in the config file and load from the program (ppl can access the config file and will find out the connection string
3) actually encryting with base64 encryption with preset encryption value (if ppl know the encryption value, they can easily decrypt)

Are there any other ways that would work for the specification?

Thanks a lot.
Obfuscation! Obfuscate your assemblies so they can't read it with ILDASM/Reflector, etc. I suggest Preemptive's Dotfuscator Professional Edition. Review available at the top of these forums.
Thanks Neal...

In fact the case right now is that I have a web.config file that stores the database connection string. However, since web.config is easily accessable, is there a way to let's say encrypt the file or block people from accessing it?
Thanks again.
.config files are not accessible unless you change something in the system. .NET knows not to server config files, but you could implement encryption into the system if you so choose. Such as encrypting a "value" and then your application would read the encrypted value, decrypt it, then use it. Many ways to skin the cat, your creativity is your only limitation. However, know the system and don't do needless work.
May I go on and ask....let's say I'm working on a normal window form application, with the string storing in app.config. How can I keep the config file from being accessed by others?
Since it's local machine, people can click directly to the file and open the config file.
no need to be sorry....
since I am actually going to implement both ways...
I just want to see whether I can keep the app.config secret as well...
Cause that's the major problem i'm encountering right now.


Latest posts