This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
Hi all
I have a connection string to connect to the database.
For Example:
Data Source=.;Initial Catalog=MyDatabase;Integrated Security=True
In Visual Studio, when the build software is created in the debug folder of the XML file, the connection string can be seen in the name of the same project in the file and in the connection string tag.
Or I can encrypt the connection string in the app.config file.
This is an idea that I want to store this connection string in a DLL file as encryption and call it in my project.
Or in any other way that professional teachers consider.
Please, considering that I am a beginner, give a suitable example along with the code sample.
Please, the sample codes should be in VB.NET language.
Thanks All
Hi
The encryption/decryption is straight forward, but, how to deal with the Emcryptyion Key - that must also be considered.
I have a small application that encrypts/decrypts a series of strings. I chose to do this to keep everything secure:
If any of that looks useful then just ask and I can post the code (its a reasonably small application). It has two Forms and a Module, a Log in Form and a display form - the module is the encrypt/decrypt code.. The display Form is where the encrypted data can be viewed/copied etc but ONLY with the known password. Your requirements is for a single string encryption socan easily also be stored in the My.Setting.
If you happen to use Forefox browser, then this application can make a safe copy of the inbuilt password manager passwordsand loggin data, but in any case would serve as an example.
Hi
I will be very grateful if you send the sample codes
Hi
I can post the code, however, please refer to the following post by @Sreeju Nair first as it may be more to your liking.
If you still want my code, then I will post it.
I was also about to post a link to another version created by a well known QnA contributor: HERE
Hi @LesHay
If possible, send me your code to study and learn.
To see and learn your codes and to ask my good friend @Sreeju Nair .
I could not find this link that sent by you.
Encrypting connection string in Web.config / app.Config is fully supported. Refer the following samples.
https://learn.microsoft.com/en-us/aspnet/web-forms/overview/data-access/advanced-data-access-scenarios/protecting-connection-strings-and-other-configuration-information-vb
https://social.technet.microsoft.com/wiki/contents/articles/52301.vb-net-secure-connection-string-for-windows-forms.aspx
Hope this helps
Thanks Dear @Sreeju Nair
52301.vb-net-secure-connection-string-for-windows-forms.aspx
This example is a bit difficult for me.
Is it possible to send me a code based on this example?
thanks for your kindness.
Hi @Sreeju Nair
In this link
52301.vb-net-secure-connection-string-for-windows-forms.aspx
And in the title Securing connection strings row one
Copy said project ConfigurationLibrary_vb
Where is this project?
Please help Me
Hi @Shahab a
In the past, I wrote an article about this in my blog. Read this here
https://weblogs.asp.net/sreejukg/securing-sections-in-web-config
Though it is using C#, It will be similar for VB also. Try and see whether it works. This is particularly for asp.net.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(256, 32%, 34%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EMT%3C/text%3E%3C/svg%3E)
The solution you are proposing to store the string in a DLL encrypted solves no security problems. It is wasted effort. You could store the connection string in your app and accomplish the same thing. But none of this really matters because you can easily extract encrypted strings from binaries just as easily as you can from the config file (which is where they normally reside). So you're just adding work that makes you think it is safer when it actually doesn't do anything.
If you must store sensitive data in your config file then encrypt the connection string as @Sreeju Nair mentioned. But bear in mind that anybody with a debugger can still get the unencrypted string.
If your app is deployed on a server and you are concerned about the server being compromised then store the sensitive data somewhere else such as in Key Vault or another third party "password" management system. Then have your app call that. But be aware that if you put calls directly into your app then anybody with access to it can do the same thing.
If you just want to keep sensitive data out of your source control then consider storing the data in Key Vault (or similar) or in environment variables on the server (or somewhere on the server more secure).
If your app is a client app then there is no place to store this data securely. In most cases it is better to have it call an API that then talks to the secure backend to get the data needed (e.g. a database). For per-user data you could store it in their per-user directory structure so others wouldn't have access (except admins) but it depends on what you're storing.
Thank you very much for your professional explanations.
My program is installed on the server and actually the connection string is the only connection with the software.
And I'm worried about compromising the data on the server.
If it is possible for you, please provide a sample code for this algorithm so that I can use it.
There is no algorithm. Since this is on a locked down machine then just store your connection string in your config like everybody else does. There is absolutely no security benefit in moving it to a DLL. That is just extra code you'll add that has 0 impact on security.
To store your connection string encrypted then follow the link that @Sreeju Nair posted. Once you do that then your connection string is encrypted in the config and that is about as secure as you're going to get on the server without using a third party tool like Azure Key Vault.
Hi @Michael Taylor
Yes, with your help, dear friends, I realized that there is no advantage in creating a DLL file.
Hi @Sreeju Nair
In this link
52301.vb-net-secure-connection-string-for-windows-forms.aspx
And in the title Securing connection strings row one
Copy said project ConfigurationLibrary_vb
Where is this project?
Please help Me.
Hi @Shahab a
https://github.com/karenpayneoregon/SecureConnectionStringsVisualBasic
https://github.com/karenpayneoregon/SecureConnectionStringsVisualBasic/tree/master/ConfigurationLibrary_vb
Hi @Sreeju Nair
I created a new project and added the two projects you see in the picture
But I put this line of code in form 1
Private operations As New ConnectionProtection(True, Application.ExecutablePath)
and see the following error
Severity Code Description Project File Line Suppression State
Error BC30002 Type 'ConnectionProtection' is not defined.
How to solve this error?
"See the instructions mentioned in the documentation":
Copy the project ConfigurationLibrary_vb to your Visual Studio solution. You can change the project name along with the project namespace before proceeding.
The following is the code for the class:
and the link for the whole project
include the project in your solution and add a reference to it, you should be able to clear the compile time error.