There is a good combination of ideas in here......
http://msdn.microsoft.com/msdnmag/issues/03/11/ProtectYourData/default.aspx On Thursday, December 09, 2004, at 03:55PM, Eddie Lascu <[EMAIL PROTECTED]> wrote: >I would like to hear about different options to securely store a database >connection string. In the past we used to hard code it but that meant that >we will never be able to change it unless we were ready to recompile the >hole application/system (or at least parts of it). With .NET the app.config >file is an easy place to put it. It's convenient because you can change it >with a simple text editor (Notepad). You don't need to recompile your >application, a restart would be enough (ASP.NET doesn't even need that). >However, it's not really secure because everyone can have access to it. Is >there a way to encrypt the app.config or at least parts of it? I guess I >could encrypt the connection string and store it in the app.config. I could >include the decryption algorithm in my app but then I would need a different >application to be able to decrypt the string, change it and encrypt it back >into the app.config. >I am really curious about what are different options here. > >All the best, >Eddie > >=================================== >This list is hosted by DevelopMentor� http://www.develop.com >Some .NET courses you may be interested in: > >Essential .NET: building applications and components with C# >November 29 - December 3, in Los Angeles >http://www.develop.com/courses/edotnet > >View archives and manage your subscription(s) at http://discuss.develop.com > > =================================== This list is hosted by DevelopMentor� http://www.develop.com Some .NET courses you may be interested in: Essential .NET: building applications and components with C# November 29 - December 3, in Los Angeles http://www.develop.com/courses/edotnet View archives and manage your subscription(s) at http://discuss.develop.com
