问题
i create a c# program that use mysql to verify user login.I googled about connection string security and every thing was about web.config file. Is that necessary to hide connection string in pure c# program?if yes, please give me reference to do that.
I encrypt my code, is that enough to protect connection string in my program?
private static MySqlConnection myConnection = new MySqlConnection("sample connection string");
tiny edit after solve the problem:
I find goof article and project to encrypt App.config designed for connection string that you can check it here
回答1:
You can refer Securing Connection Strings.
you should encrypt the configuration file so that the user name and password are not exposed in clear text.
So putting the connection string in the config file and encryting it is one way to make your connection string secure.
Encrypt Configuration Files
You can also store connection strings in configuration files, which eliminates the need to embed them in your application's code. Configuration files are standard XML files for which the .NET Framework has defined a common set of elements. Connection strings in configuration files are typically stored inside the element in the app.config for a Windows application, or the web.config file for an ASP.NET application.
MSDN Reference:
- Protecting Connection Information
- How To: Secure Connection Strings when Using Data Source Controls
来源:https://stackoverflow.com/questions/33259587/connection-string-security-c-sharp