如何在WinForms应用程序中安全地存储连接字符串? [英] How to securely store a connection string in a WinForms application?
问题描述
我需要知道在VB.NET中为WinForms应用程序存储SQL Server连接字符串的常用方法是什么。
找到以下每个问题的答案:
- 如何阅读app.config值
- 如何在ASP.NET 参考:这个SO问题。
- 如何存储连接字符串(未加密,因此不安全)
我想要一个完整的答案,如何在 app.config
(或 settings.settings
,如果更好)安全地存储一个连接字符串。 / p>
是 app.config
正确的地方?我可以加密这些值吗?
简单的说,.net框架允许你这样做,见
http ://msdn.microsoft.com/en-us/library/89211k9b(v = vs80).aspx
相关信息:
进入 machine.config 文件:
< configProtectedData defaultProvider =RsaProtectedConfigurationProvider>
< providers>
< add name =RsaProtectedConfigurationProvider
type =System.Configuration.RsaProtectedConfigurationProvider,... />
< add name =DataProtectionConfigurationProvider
type = System.Configuration.DpapiProtectedConfigurationProvider,... />
< / providers>
< / configProtectedData>
这是应用程序代码:
Shared Sub ToggleConfigEncryption(ByVal exeConfigName As String)
'获取可执行文件名,而不带
'.config扩展名。
尝试
'打开配置文件并检索
'connectionStrings部分。
Dim config As Configuration = ConfigurationManager。 _
OpenExeConfiguration(exeConfigName)
Dim section As ConnectionStringsSection = DirectCast(_
config.GetSection(connectionStrings),_
ConnectionStringsSection)
如果section.SectionInformation.IsProtected然后
'删除加密。
section.SectionInformation.UnprotectSection()
Else
'加密该部分。
section.SectionInformation.ProtectSection(_
DataProtectionConfigurationProvider)'这是machine.config中的条目
如果
'保存当前配置。
config.Save()
Console.WriteLine(Protected = {0},_
section.SectionInformation.IsProtected)
Catch ex作为异常
Console.WriteLine(ex.Message)
结束尝试
End Sub
更新1
感谢@wpcoder,为此链接
I need to know what is the common way to store a SQL server connection string for a WinForms application in VB.NET.
I have searched the net and I found answers to each of the following questions:
- How do I read app.config values
- How to do it in ASP.NET Reference: this SO question.
- How do I store a connection string (unencrypted thus unsafe)
I would like a full answer on how to store a connection string in VB.NET in app.config
(or settings.settings
if it's better) securely.
Is app.config
the right place? Can I encrypt these values?
Simply , the .net framework allows you to do that , see
http://msdn.microsoft.com/en-us/library/89211k9b(v=vs.80).aspx
Relevant information:
This goes into the machine.config file:
<configProtectedData defaultProvider="RsaProtectedConfigurationProvider">
<providers>
<add name="RsaProtectedConfigurationProvider"
type="System.Configuration.RsaProtectedConfigurationProvider, ... />
<add name="DataProtectionConfigurationProvider"
type="System.Configuration.DpapiProtectedConfigurationProvider, ... />
</providers>
</configProtectedData>
And this is the application code:
Shared Sub ToggleConfigEncryption(ByVal exeConfigName As String)
' Takes the executable file name without the
' .config extension.
Try
' Open the configuration file and retrieve
' the connectionStrings section.
Dim config As Configuration = ConfigurationManager. _
OpenExeConfiguration(exeConfigName)
Dim section As ConnectionStringsSection = DirectCast( _
config.GetSection("connectionStrings"), _
ConnectionStringsSection)
If section.SectionInformation.IsProtected Then
' Remove encryption.
section.SectionInformation.UnprotectSection()
Else
' Encrypt the section.
section.SectionInformation.ProtectSection( _
"DataProtectionConfigurationProvider") 'this is an entry in machine.config
End If
' Save the current configuration.
config.Save()
Console.WriteLine("Protected={0}", _
section.SectionInformation.IsProtected)
Catch ex As Exception
Console.WriteLine(ex.Message)
End Try
End Sub
UPDATE 1
Thanks @wpcoder, for this link
这篇关于如何在WinForms应用程序中安全地存储连接字符串?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!