Database credential saved in memory.

Mashuk Raza 20 Reputation points
2024-06-05T06:44:07.43+00:00

Hello team,

While testing thick client application. I dumped the memory from task manager and process hacker tools and I got database credentials. So How can I mitigate this issues in C++, C# and .net application. Please suggest and explain in details so that we can share as reference to client.

.NET
.NET
Microsoft Technologies based on the .NET software framework.
3,534 questions
C#
C#
An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.
10,507 questions
C++
C++
A high-level, general-purpose programming language, created as an extension of the C programming language, that has object-oriented, generic, and functional features in addition to facilities for low-level memory manipulation.
3,600 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Minxin Yu 10,466 Reputation points Microsoft Vendor
    2024-06-05T07:45:37.3233333+00:00

    Hi,

    The credentials should be encrypted or protected using built-in functionality.

    Like the ADO.NET sample: Encrypting Configuration File Sections Using Protected Configuration

    App.config Example This example demonstrates how to toggle encrypting the connectionStrings section in an app.config file for a Windows application. In this example, the procedure takes the name of the application as an argument, for example, "MyApplication.exe". The app.config file will then be encrypted and copied to the folder that contains the executable under the name of "MyApplication.exe.config".

    Best regards,

    Minxin Yu


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.