Database credential saved in memory.

Mashuk Raza 20 Reputation points
2024-06-05T06:44:07.43+00:00

Hello team,

While testing thick client application. I dumped the memory from task manager and process hacker tools and I got database credentials. So How can I mitigate this issues in C++, C# and .net application. Please suggest and explain in details so that we can share as reference to client.

Developer technologies C++
Developer technologies .NET Other
Developer technologies C#
{count} votes

1 answer

Sort by: Most helpful
  1. Minxin Yu 13,501 Reputation points Microsoft External Staff
    2024-06-05T07:45:37.3233333+00:00

    Hi,

    The credentials should be encrypted or protected using built-in functionality.

    Like the ADO.NET sample: Encrypting Configuration File Sections Using Protected Configuration

    App.config Example This example demonstrates how to toggle encrypting the connectionStrings section in an app.config file for a Windows application. In this example, the procedure takes the name of the application as an argument, for example, "MyApplication.exe". The app.config file will then be encrypted and copied to the folder that contains the executable under the name of "MyApplication.exe.config".

    Best regards,

    Minxin Yu


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.