如何安全地存储在一个WinForms应用程序的连接字符串? [英] How to securely store a connection string in a WinForms application?
问题描述
我需要知道什么是存储在VB.NET WinForms应用程序SQL Server连接字符串的常用方法。
I need to know what is the common way to store a SQL server connection string for a WinForms application in VB.NET.
我已经搜查了网,我找到了答案,每个以下的问题:
I have searched the net and I found answers to each of the following questions:
- 如何阅读的app.config值
- 如何做,在ASP.NET <子>参考:此等问题 。 LI>
- 如何存储连接字符串(未加密因而不安全的)
我想就如何存储在VB.NET一个连接字符串中的app.config
(或 settings.settings 一个完整的答案code>,如果是更好)的安全。
I would like a full answer on how to store a connection string in VB.NET in app.config
(or settings.settings
if it's better) securely.
是的app.config
正确的地方?我可以加密这些值?
Is app.config
the right place? Can I encrypt these values?
推荐答案
简单地说,.NET框架允许你这样做,请参阅
Simply , the .net framework allows you to do that , see
<一个href="http://msdn.microsoft.com/en-us/library/89211k9b%28v=vs.80%29.aspx">http://msdn.microsoft.com/en-us/library/89211k9b(v=vs.80).aspx
相关信息:
这进入 machine.config中文件:
<configProtectedData defaultProvider="RsaProtectedConfigurationProvider">
<providers>
<add name="RsaProtectedConfigurationProvider"
type="System.Configuration.RsaProtectedConfigurationProvider, ... />
<add name="DataProtectionConfigurationProvider"
type="System.Configuration.DpapiProtectedConfigurationProvider, ... />
</providers>
</configProtectedData>
这是应用code:
And this is the application code:
Shared Sub ToggleConfigEncryption(ByVal exeConfigName As String)
' Takes the executable file name without the
' .config extension.
Try
' Open the configuration file and retrieve
' the connectionStrings section.
Dim config As Configuration = ConfigurationManager. _
OpenExeConfiguration(exeConfigName)
Dim section As ConnectionStringsSection = DirectCast( _
config.GetSection("connectionStrings"), _
ConnectionStringsSection)
If section.SectionInformation.IsProtected Then
' Remove encryption.
section.SectionInformation.UnprotectSection()
Else
' Encrypt the section.
section.SectionInformation.ProtectSection( _
"DataProtectionConfigurationProvider") 'this is an entry in machine.config
End If
' Save the current configuration.
config.Save()
Console.WriteLine("Protected={0}", _
section.SectionInformation.IsProtected)
Catch ex As Exception
Console.WriteLine(ex.Message)
End Try
End Sub
这篇关于如何安全地存储在一个WinForms应用程序的连接字符串?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!