连接字符串安全性C# [英] Connection String Security C#
问题描述
我创建了一个使用mysql验证用户登录名的c#程序.在纯C#程序中隐藏连接字符串是否有必要?如果是,请给我参考.
i create a c# program that use mysql to verify user login.I googled about connection string security and every thing was about web.config file. Is that necessary to hide connection string in pure c# program?if yes, please give me reference to do that.
我对我的代码进行加密,是否足以保护程序中的连接字符串?
I encrypt my code, is that enough to protect connection string in my program?
private static MySqlConnection myConnection = new MySqlConnection("sample connection string");
解决问题后进行小我发现有文章和项目可以对为连接字符串设计的 App.config 进行加密,您可以对其进行检查
tiny edit after solve the problem:
I find goof article and project to encrypt App.config designed for connection string that you can check it here
推荐答案
您可以引用保护连接字符串.
您应该加密配置文件,以便用户名和密码不会以明文形式显示.
you should encrypt the configuration file so that the user name and password are not exposed in clear text.
因此,将连接字符串放在配置文件中并进行加密是确保连接字符串安全的一种方法.
So putting the connection string in the config file and encryting it is one way to make your connection string secure.
加密配置文件
您还可以将连接字符串存储在配置文件中,该配置文件无需将它们嵌入到应用程序的代码中.配置文件是.NET的标准XML文件.框架定义了一组通用的元素.连接字符串配置文件通常存储在Windows的app.config中的元素应用程序或ASP.NET应用程序的web.config文件.
You can also store connection strings in configuration files, which eliminates the need to embed them in your application's code. Configuration files are standard XML files for which the .NET Framework has defined a common set of elements. Connection strings in configuration files are typically stored inside the element in the app.config for a Windows application, or the web.config file for an ASP.NET application.
MSDN参考:
这篇关于连接字符串安全性C#的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
