如何使sqlconnection.connectionstring无法访问。 [英] How to make sqlconnection.connectionstring not accessible.

问题描述

我想完全隐藏包含数据库连接的连接字符串< b< B =取代。如何不允许通过反向或查看sqlconnection字符串。



SqlConnection con = new SqlConnectin（constring）;

Messagebox.Show（con.ConnectionString）;



我尝试过：



加密和解密。在使用con之前清除Nd重新启用它。

解决方案

差不多，你不能。



连接字符串必须是文本，并且必须是可读的 - 这是使用C＃连接到服务器的唯一格式。这意味着无论你如何存储它，它都必须可以转换回人类可读的字符串，以便你的应用程序使用它！



这意味着转换机制必须以某种方式成为您应用的一部分，因此它永远不会是完全安全的。



您可以做的最好的事情是使用密钥对其进行加密，将其转换为Base64，以便将其存储在配置文件中，然后在连接之前使用相应的密钥在应用程序中反转该过程。

根据应用程序的部署方式，可以提供安全措施。将连接字符串保存在web.config或app.config中的转换变量中，以便仅在将应用程序部署到生产时注入实际生产连接字符串是一种方法。



如果不可用，加密字符串并将其保存在app.config或web.config中，并在连接之前在应用程序代码中解密它是另一种可能性。

I want to totally hide my connection string which contains database connection<b< b="">. How to not allow retriving or viewing of sqlconnection string via.

SqlConnection con= new SqlConnectin(constring);
Messagebox.Show(con.ConnectionString);

What I have tried:

Encryting and decrypting. Clearing Nd reinize it before using con.

解决方案

Pretty much, you can't.

The connection string has to be text, and has to be readable - that's the only format by which you can connect to a server using C#. Which means that regardless of how you store it, it has to be convertible back to a human readable string in order for you application to use it!

And that means that the conversion mechanism has to be part of your app in some way, so it can never be totally secure.

The best you can do is encrypt it using a key, convert it to Base64 so you can store it in a configuration file, and the reverse the process using the same key inside your app before you connect.

Depending on how your application is deployed can provide measures of security. Keeping the connection string in a transform variable in a web.config or app.config so that the real production connection string is only injected when the app is deployed to production is one method.

if that's not available, encrypting the string and keeping it in the app.config or web.config and decrypting it in the application code prior to connection is another possibility.

这篇关于如何使sqlconnection.connectionstring无法访问。的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！