如何安全地存储在一个WinForms应用程序的连接字符串？ [英] How to securely store a connection string in a WinForms application?

问题描述

我需要知道什么是存储在VB.NET WinForms应用程序SQL Server连接字符串的常用方法。

I need to know what is the common way to store a SQL server connection string for a WinForms application in VB.NET.

我已经搜查了网，我找到了答案，每个以下的问题：

I have searched the net and I found answers to each of the following questions:

• 如何阅读的app.config值
• 如何做，在ASP.NET <子>参考：此等问题
• 如何存储连接字符串（未加密因而不安全的）

我想就如何存储在VB.NET一个连接字符串中的app.config （或 settings.settings ，如果是更好）的安全。

I would like a full answer on how to store a connection string in VB.NET in app.config (or settings.settings if it's better) securely.

是的app.config 正确的地方？我可以加密这些值？

Is app.config the right place? Can I encrypt these values?

推荐答案

简单地说，.NET框架允许你这样做，请参阅

Simply , the .net framework allows you to do that , see

<一个href="http://msdn.microsoft.com/en-us/library/89211k9b%28v=vs.80%29.aspx">http://msdn.microsoft.com/en-us/library/89211k9b(v=vs.80).aspx

相关信息：

这进入 machine.config中文件：

<configProtectedData defaultProvider="RsaProtectedConfigurationProvider">
  <providers>
    <add name="RsaProtectedConfigurationProvider" 
      type="System.Configuration.RsaProtectedConfigurationProvider, ... />
    <add name="DataProtectionConfigurationProvider" 
      type="System.Configuration.DpapiProtectedConfigurationProvider, ... />
  </providers>
</configProtectedData>

这是应用code：

And this is the application code:

Shared Sub ToggleConfigEncryption(ByVal exeConfigName As String)
    ' Takes the executable file name without the
    ' .config extension.
    Try
        ' Open the configuration file and retrieve 
        ' the connectionStrings section.
        Dim config As Configuration = ConfigurationManager. _
            OpenExeConfiguration(exeConfigName)

        Dim section As ConnectionStringsSection = DirectCast( _
            config.GetSection("connectionStrings"), _
            ConnectionStringsSection)

        If section.SectionInformation.IsProtected Then
            ' Remove encryption.
            section.SectionInformation.UnprotectSection()
        Else
            ' Encrypt the section.
            section.SectionInformation.ProtectSection( _
              "DataProtectionConfigurationProvider") 'this is an entry in machine.config
        End If

        ' Save the current configuration.
        config.Save()

        Console.WriteLine("Protected={0}", _
        section.SectionInformation.IsProtected)

    Catch ex As Exception
        Console.WriteLine(ex.Message)
    End Try
End Sub

这篇关于如何安全地存储在一个WinForms应用程序的连接字符串？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！