Encrypt database string VB.NET

Question

0.00/5 (No votes)

See more:

Hai, I am developing a software for school using VB.Net.... my task is that I want to create a protected Database Connection Sting. means nobody can check what is my database string. Is there any tool or any methods which can help to accomplish this task..
I saw many software ever older version which is running our school, has very complicated DB String system... I am unable to find where it is stored... so please help me to create a protected string..

usually in app.config file stores the string.. here I am pasting the config file of our old software...

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
	<appSettings>
		<add key="School" value="Data Source=.;Initial Catalog=NO NEED OF DATABASE NAME;User ID=sa;Password=abc"/>
	</appSettings>
</configuration>

so please help me....

What I have tried:

still I am struggling with this topic... it is just my beginning... please help

Posted 9-Jul-17 4:12am

Rajan Pandit

Updated 11-Jul-17 13:00pm

Add a Solution

5 solutions

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

Dave Kreskowiak · Answer 1 · 2017-07-09T04:36:00

Solution 2

A little Google goes a long way: encrypt connection string in app.config - Google Search[^]

There's tons of information out there on it.

Posted 9-Jul-17 4:36am

Dave Kreskowiak

Rajesh Pandya · Answer 2 · 2017-07-10T02:26:00

Solution 3

Encrypt your connection string and then use it in your app.confing.
For encryption check this link:[^]

Posted 10-Jul-17 2:26am

Rajesh Pandya

RickZeeland · Answer 3 · 2017-07-09T04:33:00

If you want to protect your connection string it would be better not to store it in the .config file.
If you keep the connection string in code and use an obfuscator like Dotfuscator, it will be protected better.
Even better is to use encryption, see: Encrypting and Decrypting Strings in Visual Basic | Microsoft Docs[.]
Also see: .NET Encryption Simplified[^]

Atlapure Ambrish · Answer 4 · 2017-07-11T00:45:00

You can use an algorithm to encrypt the connectionstring and use an encryption key to encrypt it. You can store it in your config file after it is encrypted and when needed for any database operation, you can decrypt it using same encryption key and use it. The key used to encrypt can be defined as constant in your code.

E.g.:
This article

mgoad99 · Answer 5 · 2017-07-11T13:00:00

I have done this a few times. Its a pain to figure out the first time. Basically, there is a .net command line tool that you can use to encrypt sections of a web.config file.

Now, you have to encrypt the file on the pc/server it will reside on. This is because the encryption is done using keys specific to that machine. This makes it a pain because the web.config file will be different on your local pc and on the server.

Because of this I recommend first moving the connection strings into a separate config file. This way you can move that file to the server when ready and encrypt that file only. You can continue to make changes to the web.config file and deploy with out undoing your encryption.

It will look something like this in the web.config file to point to a separate file for connection string.
<connectionStrings configSource="ConnectionStrings.config">

Article to move connection strings to a separate file:
ASP.NET MVC: Keep Private Settings Out of Source Control | John Atten[^]

To encrypt web.config file
How to: Encrypt a web.config File[^]

Good luck!

Encrypt database string VB.NET

5 solutions

Solution 2

Solution 3

Solution 1

Solution 4

Solution 5

Add your solution here

Preview 0