How to make hard coded connection string safe in an downloadable app.

Fredrik Olsen 20 Reputation points
2023-11-23T06:59:26.9266667+00:00

Hi!

I have an downloadable app, that need to be downloadable and started locally. This app works with my own database. So I have the connection string hardcoded in the app(I know this is bad practice, but have not found a way around it). So recently I have found that the connection string to database is easily found in dll/exe with reverse engineering.

So my question is, is there some way to use Azure key vault or other good solution. Where the app is still downloadable to have locally on computer, have access to the database but the connection string not hardcoded or at least close to impossible to reverse engineer from dll/exe?

Azure Key Vault
Azure Key Vault
An Azure service that is used to manage and protect cryptographic keys and other secrets used by cloud apps and services.
1,184 questions
Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,370 questions
{count} votes

Accepted answer
  1. 2023-11-27T17:13:45.8533333+00:00

    Hello @Fredrik Olsen , in order to avoid giving access to a database connection string from your local application you could move the database access workload to a custom API. APIS are best suited to store secrets such as password and connection strings. You application would authenticate and get authorized against your API which in turn would get authorized to gain access to KeyVault or better yet, directly to your database (provided is deployed in the cloud).

    Take a look to the following docs for more information:

    Let us know if you need additional assistance. If the answer was helpful, please accept it and rate it so that others facing a similar issue can easily find a solution.

    1 person found this answer helpful.
    0 comments No comments

0 additional answers

Sort by: Most helpful