Deployment config file - encrypt db string?

dcode · **Joined:** Sun Nov 06, 2005 8:22 pm **Posts:** 3

I've noticed that when compiling, a config file gets generated with the assembly (I am building web forms by the way).

This config file (assemblyname.exe.config) is the actual app.config and can contain sensitive data, such as the db connection string. It seems that the application to be deployed cannot run without this file (or I could be wrong?).

If thats the case, is there any way to encrypt the data within this file?

Thanks.

roniburd · **Posted:** Mon Nov 07, 2005 10:22 am

A possibility is to encrypt your config using DPAPI. In this scenario you should manually read and decrypt config entries and set them in the NH SessionFactory.

Here are some links for a DPAPI wrapper for C# and some articles:

http://www.gotdotnet.com/Community/User ... 900478C689
http://dotnetjunkies.com/WebLog/jdixon/ ... 17038.aspx

KPixel · **Posted:** Mon Nov 07, 2005 10:30 am

Well, this has nothing to do with NHibernate.

You may find answers on google: http://www.google.com/search?q=.NET%2Bconfig%2Bencryption

jnapier · **Joined:** Sat Sep 10, 2005 3:46 pm **Posts:** 178

I encrypt my connection string and specify it programmtically for NHibernate.

dcode · **Joined:** Sun Nov 06, 2005 8:22 pm **Posts:** 3

Thanks for your input guys.

Rather than encrypt the configuration file itself, I find it better to encrypt the data inside the configuration file as well, with that added security.

jnapier, how did you specify the connection string to NHibernate, since it reads directly from the config file?

dcode · **Joined:** Sun Nov 06, 2005 8:22 pm **Posts:** 3

roniburd wrote:

A possibility is to encrypt your config using DPAPI. In this scenario you should manually read and decrypt config entries and set them in the NH SessionFactory.

Actually this is great. I had a different impression when I first read your post, but went along to find that it proves to be quite useful.

Thanks for this roniburd.

jnapier · **Joined:** Sat Sep 10, 2005 3:46 pm **Posts:** 178

Specify the connection when you create the session factory.

Code:

//create a new configuration         
Configuration sessionConfiguration = new Configuration();
                  
//load up the assembly that contains the mappings file
AssemblyName libraryName = new AssemblyName();
libraryName.Name = this._configurationAssemblyName;
Assembly configurationAssembly = Assembly.Load(libraryName); 
                  
//configure the configuration with the specified configuration file 
sessionConfiguration.Configure(configurationAssembly, this._configurationResourceName);

//specify the connection string for the session factory - this could be done through configuration
//but we like to do this dynamically
sessionConfiguration.Properties.Add(Environment.ConnectionString, this._connectionString);

//create the factory
this._sessionFactory = sessionConfiguration.BuildSessionFactory();