SQL连接安全性 [英] Sql connection security
本文介绍了SQL连接安全性的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
嗨朋友们,
我使用下面的代码连接到我网站上的数据库:
string tempstr = 数据源= + 72.55。--- .--- + ; Initial Catalog = -------; Integrated Security = False; Persist Security Info = True; User ID = + MYUSER + ;密码= + MYPASS ;
SqlConnection con = new SqlConnection(tempstr);
con.Open();
足够安全吗?或者不是专业黑客的人可以捕获从他/她的计算机发送到我的数据库的用户名和密码!?
提前感谢。
解决方案
你可以加密你的连接字符串
检查以下
http://msdn.microsoft.com/en-us/library/89211k9b(v=vs .80).aspx [ ^ ]
加密Windows窗体应用程序的app.config文件 [ ^ ]
我从来没有真正担心过,因为Connecti onString在我的Web服务器上的编译代码中。但是,如果您真的那么担心,请编写一个小程序来加密ConnectionString,创建加密ConnectionString的Byte数组,您可以将其粘贴到您的网站源代码中。在您的网站源代码中,在将加密的ConnectionString传递给SQL Server之前对其进行解密。
文档中有一些例子。请参阅 TripleDESCryptoServiceProvider类 [< a href =http://msdn.microsoft.com/EN-US/library/vstudio/system.security.cryptography.tripledescryptoserviceprovider(v=vs.100).aspx\"target =_ blanktitle =New Window > ^ ]
Hi friends,
I use the code bellow to connect to my database on my website:
string tempstr = "Data Source=" + "72.55.---.---" + ";Initial Catalog=-------;Integrated Security=False;Persist Security Info=True;User ID=" + "MYUSER" + ";Password=" + "MYPASS";
SqlConnection con = new SqlConnection(tempstr);
con.Open();
Is it secure enough ? or someone who is not professional hacker can capture the username and the password which is sent from his/her computer to my database !?
thanks in advance.
解决方案
you can encrypt your connection string
Check following
http://msdn.microsoft.com/en-us/library/89211k9b(v=vs.80).aspx[^]
Encrypting the app.config File for Windows Forms Applications[^]
I''ve never really worried too much about that because the ConnectionString is in compiled code on my web server. However, if you are really that concerned, write a small program to encrypt your ConnectionString creating a Byte array of the encrypted ConnectionString that you can paste into your web site source code. In your web site source code, decrypt the encrypted ConnectionString before passing it to the SQL Server.
There are examples in the documentation. See TripleDESCryptoServiceProvider Class[^]
这篇关于SQL连接安全性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
