如何将数据库凭证提交到C＃应用程序而无需将其提交给源代码？ [英] How to get database credentials into a c# application without committing it to source code?

问题描述

我有一个初学者问题，希望很简单，但我似乎找不到一个简单的答案，我可以想象有几十种方法可以实现这一点。

I've got a beginners question that's hopefully easy, but I can't seem to find a straightforward answer, and I can imagine there's dozens of ways to accomplish this.

我有一个使用SQL身份验证连接到数据库的ac＃应用程序（所以我不能使用受信任的AD连接​​），并且我在源代码中使用了带有密码的硬编码连接字符串。不幸的是，我想将这个源代码提交给git版本控制，但我不想在源代码中输入密码。

I have a c# application that connects to a database using SQL authentication (so I can't use trusted AD connection) and I've got a hard-coded connection string with the password in the source code. Unfortunately, I want to commit this source code to git version control, but I do not want the password in the source code.

解决这个问题的标准方法是什么？我应该创建一个需要在运行时读取的配置文件吗？无论如何，这个编译到二进制文件，所以我可以分发它没有最终用户需要数据库凭据？

What's the standard way to resolve this issue? Should I create a config file that's required to be read at runtime? Is there anyway to have this compiled down into the binary so I can distribute it without end-users needing the database credentials?

谢谢

推荐答案

您不应该在源代码中存储密码或其他敏感数据，并且您不应该在开发和测试模式下使用生产机密。

you should never store passwords or other sensitive data in source code, and you shouldn't use production secrets in development and test mode.

最佳方法将在环境变量中存储敏感信息。检查此链接

Best Approach will be storing sensitive info in environment variables.check this link

其他选项将其保存到扩展名为.config的外部文件中，因为iis将忽略此文件也将此文件从源目录树中排除。 a href =https://www.asp.net/identity/overview/features-api/best-practices-for-deploying-passwords-and-other-sensitive-data-to-aspnet-and-azure = nofollow noreferrer>检查此链接

Other option save it into external file with extension .config as iis will ignore this file also exclude this file from source tree.check this link

这篇关于如何将数据库凭证提交到C＃应用程序而无需将其提交给源代码？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！