2 Replies - 1351 Views - Last Post: 16 September 2013 - 06:20 AM

#1 Bladewing51

App.config a better way to encrypt and use the data

Posted 12 September 2013 - 10:17 AM

So I've been looking at the solutions I have when it comes to using app.configs to save database info for an app. For today's world of simplicity and time-is-money concepts, you honestly need the entire constring in the app.config so that the user only has to input a username and password that is stored on the database and hit login.

As we all know, that leaves the database and data highly vulnerable if some unauthorized user wants to go into the app.config and copy and paste the info. So we have the ability to use a framework to encrypt the app.config file so that this isn't possible, but then we run into the issue of needing to decrypt then re-encrypt the app.config EACH TIME that constring is needed to transmit data.

My question is what other choices do we have when it comes to ease of use for the user and security for the database...

I've seen on older Microsoft products where a user and role is added to the database, allowing you to log in to the database with the same credentials used on your app. This works well, as the app.config would only hold the server and database names; the username and password credentials would be typed into the textboxes and probably then be placed in a global variable of sorts and placed into the constring before it's sent off to the database and deleted once it's expired (logged out or program is exited).

What I'm looking for is something similar but slightly different. Does anyone know of a way to, instead of decrypting the entire file then re-encrypting each time the database is called, have a method inside the app to get the encrypted info from app.config once and decrypt the data internally before being sent to the reusable globals?

Hopefully I made this clear enough; if anyone has any better ideas or concepts, please feel free to share.


Replies To: App.config a better way to encrypt and use the data

#2 modi123_1

Re: App.config a better way to encrypt and use the data

Posted 12 September 2013 - 11:00 AM

Yeah.. that exists already.. you can protect parts of the app.config

http://www.davidgiar...igSections.aspx
http://msdn.microsof...ionmanager.aspx

#3 Bladewing51

Re: App.config a better way to encrypt and use the data

Posted 16 September 2013 - 06:20 AM

OK, got it. By DirectCasting the decrypted data to a variable of the same type (which is type ConnectionStringsSection) and then pointing to the arraylist that holds the constr in it, I have been able to extract the encrypted values to another container whilst not continually writing the app.config file and leaving it constantly encrypted.

Code is below

Imports System.Configuration
Class MainWindow

    ' Holds the connectionStrings section as read into memory.
    Dim decryptedinfo As ConnectionStringsSection

    Private Sub button_MouseLeftButtonDown(sender As Object, e As MouseButtonEventArgs) Handles button.MouseLeftButtonDown
        Dim appName As String = "ciphertest.exe"
        Dim config As Configuration = ConfigurationManager.OpenExeConfiguration(appName)
        Dim section As ConnectionStringsSection = TryCast(config.GetSection("connectionStrings"), ConnectionStringsSection)
        ' TryCast returns Nothing if the section is missing or has another type.
        If section Is Nothing Then Return

        If section.SectionInformation.IsProtected Then
            ' Affects only the in-memory copy; the file on disk stays encrypted
            ' because config.Save() is never called.
            section.SectionInformation.UnprotectSection()
            decryptedinfo = DirectCast(config.GetSection("connectionStrings"), ConnectionStringsSection)
            ' Item(2) is a zero-based index into the section's collection.
            constr.Content = decryptedinfo.ConnectionStrings.Item(2).ToString
        Else
            ' Marks the in-memory copy as protected; without config.Save()
            ' the file on disk is not changed.
            section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider")
            decryptedinfo = DirectCast(config.GetSection("connectionStrings"), ConnectionStringsSection)
            constr.Content = decryptedinfo.ConnectionStrings.Item(2).ToString
        End If

        ' config.Save() Not used.

    End Sub
End Class



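Added example, not part of the thread and not any poster's code: one way to do what the first post asks, reading the protected connectionStrings section once and caching the value so the file is never decrypted and re-encrypted per database call. The entry name "AppDb" and the module and member names are assumptions; ProtectOnce is meant to run once at deployment.

```vbnet
Imports System
Imports System.Configuration

' Added example: read the protected connection string once and keep it in memory.
Public Module ConnectionStringCache

    ' "AppDb" is a hypothetical name for the entry under <connectionStrings>.
    Private Const EntryName As String = "AppDb"

    ' Lazy(Of T) runs the loader once, on first use, and is thread-safe by default.
    Private ReadOnly cached As New Lazy(Of String)(AddressOf Load)

    ' Callers read this instead of reopening the configuration file.
    Public ReadOnly Property Value As String
        Get
            Return cached.Value
        End Get
    End Property

    Private Function Load() As String
        ' ConfigurationManager decrypts a protected section in memory when it is
        ' read; nothing is written back to the .config file.
        Dim entry As ConnectionStringSettings = ConfigurationManager.ConnectionStrings(EntryName)
        If entry Is Nothing Then
            Throw New ConfigurationErrorsException("Connection string '" & EntryName & "' not found.")
        End If
        Return entry.ConnectionString
    End Function

    ' Run once at install or deployment time, not on every database call.
    Public Sub ProtectOnce()
        Dim config As Configuration = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
        Dim section As ConfigurationSection = config.GetSection("connectionStrings")
        ' Nothing to do if the section is absent or already encrypted on disk.
        If section Is Nothing OrElse section.SectionInformation.IsProtected Then Return

        section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider")
        section.SectionInformation.ForceSave = True
        config.Save(ConfigurationSaveMode.Modified)
        ' Drop the cached plaintext copy so the next read comes from the saved file.
        ConfigurationManager.RefreshSection("connectionStrings")
    End Sub
End Module
```

DataProtectionConfigurationProvider uses Windows DPAPI, so the protected file can only be decrypted on the machine (or by the account) that encrypted it, and the plaintext still exists in process memory once loaded.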
