Securely connecting to a MySQL database in C#

I'm new to C#. I do a bunch of things, but I miss many basics. In any case, I am making a program in which the user must log in, and it then checks whether the entered password matches the name specified in the database.

In any case, I know that there are ways to enter the code of the compiled program, and I would like to know if there is anything that I have to do to make sure that no one can see the information about entering MySQL data in some way.

Thanks

+4
4 answers

There are many different ways to protect connection information, depending on your requirements.

One simple rule: never include database connection strings in compiled code!!!

Some links
Protect Connection Information
SO - Connection string encryption in ASP.Net NON applications
MSDN Connection String Protection

In addition to the questions raised in the comments.
Secondary or ANY string configuration, you should also restrict application access to the database using Role-Based Access Control to reduce the permissions granted to the application, and the SQL procedures or commands that it can execute, to a minimum.

+6

The only way to prevent people from seeing your credentials in the MySQL connection string is to use a three-tier architecture, where you have a web server or service running on a server that contains a connection string and executes database queries. Your client applications will interact with the web server / service.

+2

I agree with Lloyd.

In addition to the security aspect, storing the connection string outside compiled code means that if you need to change it for some reason, you do not need to recompile and redeploy the code. Often you do not know that someone messed up the name or the name of the database or credentials until your site stops working. In the middle of the night.

+1

I thought this would be a problem for my program. So I created a PHP file to process the POST data and return a response. The database connection is in the PHP file on my side, and it returns only limited data to my C# program. Then the C# program reads the response and receives the corresponding data. This makes the program itself perform an HTTP POST and not know the database user and password. It also gives me the ability to control what data can be sent to the C# program.

0
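The client side of the design described in the second and fourth answers, as an added C# example that is not part of the original thread: the desktop program posts the login to a service over HTTPS and contains no MySQL host, user or password. The endpoint URL, the form field names and the 200/401 response convention are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Net;
using System.Net.Http;
using System.Threading.Tasks;

// Desktop client for a three-tier login. It holds no MySQL credentials:
// only the service behind LoginUrl talks to the database.
public static class LoginClient
{
    // Hypothetical endpoint (assumption). HTTPS keeps the password off the wire in clear text.
    private static readonly Uri LoginUrl = new Uri("https://app.example.com/api/login");
    private static readonly HttpClient Http = new HttpClient { Timeout = TimeSpan.FromSeconds(10) };

    // Returns true only on 200 OK. The service is assumed to compare the password
    // with a salted hash stored in the database and to answer 401 on any mismatch.
    public static async Task<bool> LoginAsync(string user, string password)
    {
        if (LoginUrl.Scheme != Uri.UriSchemeHttps)
            throw new InvalidOperationException("Login endpoint must use HTTPS.");

        // Form-encoded POST body; the field names are assumptions.
        using var body = new FormUrlEncodedContent(new Dictionary<string, string>
        {
            ["username"] = user,
            ["password"] = password
        });
        try
        {
            using HttpResponseMessage resp = await Http.PostAsync(LoginUrl, body);
            return resp.StatusCode == HttpStatusCode.OK;
        }
        catch (HttpRequestException) { return false; }  // unreachable or TLS failure: fail closed
        catch (TaskCanceledException) { return false; } // timeout: fail closed
    }

    public static async Task Main()
    {
        // Constructed sample credentials, for illustration only.
        bool ok = await LoginAsync("alice", "constructed-sample-password");
        Console.WriteLine(ok ? "Login accepted" : "Login rejected");
    }
}
```

Decompiling this client reveals only the service URL, so what a user can reach is limited to what the service chooses to expose.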

Source: https://habr.com/ru/post/1397212/

