JWLato wrote:
If you're using ASP.Net 2.0, the MSDN has information on how to encrypt sections of config files.
http://msdn2.microsoft.com/en-us/library/ms998280.aspxSince a desktop client was mentioned, i assume there is no ASP.Net involved.
If you want to deploy the connection information onto the client, you dont really have any valid choice to encode the password. Even if you encode it, you must supply the application with a way to decode it, and once it is decoded, you can extract it quite easy from the memory.
Even using the tecnique mentioned above will only allow you to place the password into the user data store or the machiene store. Both places will allow the current user to extract the password on the pc where it is used. Also playing the password into the user store, will require you to send a "plaintext connection" to the client machiene, so it can be placed into the datastore. (You can not encrypt it prior to deployment, since the key used to encrypt it is unknown and different for each pc/user)
So whats left if you want to "secure your password"?
Basically you will be forced to either use integrated security, or you will need to move your data-acess to another server...
I would take a look at the current solution and use it. But I would leave a remark that (most likely) the connection information is available on the client... Since it most likely will be exposed, you should consider setting the rights for the user correctly.
Hope this makes sense...
Login
FAQ
Search