如何在WinForms应用程序中安全地存储连接字符串? [英] How to securely store a connection string in a WinForms application?

查看:97
本文介绍了如何在WinForms应用程序中安全地存储连接字符串?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我需要知道在VB.NET中为WinForms应用程序存储SQL Server连接字符串的常用方法是什么。



找到以下每个问题的答案:




  • 如何阅读app.config值

  • 如何在ASP.NET 参考:这个SO问题

  • 如何存储连接字符串(未加密,因此不安全)



我想要一个完整的答案,如何在 app.config (或 settings.settings ,如果更好)安全地存储一个连接字符串。 / p>

app.config 正确的地方?我可以加密这些值吗?

解决方案

简单的说,.net框架允许你这样做,见



http ://msdn.microsoft.com/en-us/library/89211k9b(v = vs80).aspx



相关信息:



进入 machine.config 文件:

 < configProtectedData defaultProvider =RsaProtectedConfigurationProvider> 
< providers>
< add name =RsaProtectedConfigurationProvider
type =System.Configuration.RsaProtectedConfigurationProvider,... />
< add name =DataProtectionConfigurationProvider
type = System.Configuration.DpapiProtectedConfigurationProvider,... />
< / providers>
< / configProtectedData>

这是应用程序代码:

  Shared Sub ToggleConfigEncryption(ByVal exeConfigName As String)
'获取可执行文件名,而不带
'.config扩展名。
尝试
'打开配置文件并检索
'connectionStrings部分。
Dim config As Configuration = ConfigurationManager。 _
OpenExeConfiguration(exeConfigName)

Dim section As ConnectionStringsSection = DirectCast(_
config.GetSection(connectionStrings),_
ConnectionStringsSection)

如果section.SectionInformation.IsProtected然后
'删除加密。
section.SectionInformation.UnprotectSection()
Else
'加密该部分。
section.SectionInformation.ProtectSection(_
DataProtectionConfigurationProvider)'这是machine.config中的条目
如果

'保存当前配置。
config.Save()

Console.WriteLine(Protected = {0},_
section.SectionInformation.IsProtected)

Catch ex作为异常
Console.WriteLine(ex.Message)
结束尝试
End Sub

更新1



感谢@wpcoder,为此链接


I need to know what is the common way to store a SQL server connection string for a WinForms application in VB.NET.

I have searched the net and I found answers to each of the following questions:

  • How do I read app.config values
  • How to do it in ASP.NET Reference: this SO question.
  • How do I store a connection string (unencrypted thus unsafe)

I would like a full answer on how to store a connection string in VB.NET in app.config (or settings.settings if it's better) securely.

Is app.config the right place? Can I encrypt these values?

解决方案

Simply , the .net framework allows you to do that , see

http://msdn.microsoft.com/en-us/library/89211k9b(v=vs.80).aspx

Relevant information:

This goes into the machine.config file:

<configProtectedData defaultProvider="RsaProtectedConfigurationProvider">
  <providers>
    <add name="RsaProtectedConfigurationProvider" 
      type="System.Configuration.RsaProtectedConfigurationProvider, ... />
    <add name="DataProtectionConfigurationProvider" 
      type="System.Configuration.DpapiProtectedConfigurationProvider, ... />
  </providers>
</configProtectedData>

And this is the application code:

Shared Sub ToggleConfigEncryption(ByVal exeConfigName As String)
    ' Takes the executable file name without the
    ' .config extension.
    Try
        ' Open the configuration file and retrieve 
        ' the connectionStrings section.
        Dim config As Configuration = ConfigurationManager. _
            OpenExeConfiguration(exeConfigName)

        Dim section As ConnectionStringsSection = DirectCast( _
            config.GetSection("connectionStrings"), _
            ConnectionStringsSection)

        If section.SectionInformation.IsProtected Then
            ' Remove encryption.
            section.SectionInformation.UnprotectSection()
        Else
            ' Encrypt the section.
            section.SectionInformation.ProtectSection( _
              "DataProtectionConfigurationProvider") 'this is an entry in machine.config
        End If

        ' Save the current configuration.
        config.Save()

        Console.WriteLine("Protected={0}", _
        section.SectionInformation.IsProtected)

    Catch ex As Exception
        Console.WriteLine(ex.Message)
    End Try
End Sub

UPDATE 1

Thanks @wpcoder, for this link

这篇关于如何在WinForms应用程序中安全地存储连接字符串?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆