Home | Contact Us | FAQ | Search & Site Map | Link to Us
Sign In | Join | Other 45 Sites in Network
HomeAnnouncementsFree MagazinesWhite PapersSubmit Content
Discussion GroupsASP.NETWindows FormsLanguages.NET FrameworkVisual Studio.NET
Articles.NET FrameworkASP.NETToolsWindows Forms
.NET DirectoryOpen Source ProjectsUser GroupsWeb Resources
Related Topics
Visual Basic 6SQL ServerMS AccessOther DB ProductsMS Server ProductsMore Topics ...
.NET Forum / .NET Framework / General / November 2004

Tip: Looking for answers? Try searching our database.

Where to store database connection info???

Thread view: 
Enable EMail Alerts  Start New Thread
Thread rating: 
faktujaa - 30 Oct 2004 02:30 GMT
Hi,
Currently im storing the connection info. in XML file on the C drive. the
only problem with this is that anybody can open and check the database name.
I know encryption can solve this problem but still im concerned whether this
is the right place to store connection info as in earlier project that was in
C++, we use to store the connection info. in registry but the problem with
this approach is that your application becomes windows dependent?? Any help
on this is highly appreciated.
Thanks in advance.
faktujaa
Reply to this Message
Alex Korchemniy - 30 Oct 2004 05:33 GMT
Is it really *necessary* to hide the name of the server??? :confused:  Its a
snap to find out what where the server is running. I guess the only reason to
hide is it you also have your passwords in there which isn't a good idea.

--
This posting is provided "AS IS" with no warranties, and confers no rights.
Alex Korchemniy

> Hi,
> Currently im storing the connection info. in XML file on the C drive. the
[quoted text clipped - 6 lines]
> Thanks in advance.
> faktujaa
Reply to this Message
faktujaa - 01 Nov 2004 18:33 GMT
Hi,
U r right but i meant the entire connection info that will also contain user
id and password in case of oracle database. And now to main question, how
safe it is to store this info in a file on a C drive(ofcourse in the
encrypted format)??? Or is there any best alternative that im not aware
of???? plez help me security GURUS.
Thanks in advance,
faktujaa

> Is it really *necessary* to hide the name of the server??? :confused:  Its a
> snap to find out what where the server is running. I guess the only reason to
[quoted text clipped - 14 lines]
> > Thanks in advance.
> > faktujaa
Reply to this Message
Alex Korchemniy - 01 Nov 2004 21:49 GMT
If you are going to encrypt the username and password you will have to store
the key somewhere anyway. Make sure your key is stored safely. Security by
obsurity means that someone can find the key and later use it to decrypt the
username and password.

---
This posting is provided "AS IS" with no warranties, and confers no rights.
Alex Korchemniy

> Hi,
> U r right but i meant the entire connection info that will also contain user
[quoted text clipped - 23 lines]
> > > Thanks in advance.
> > > faktujaa
Reply to this Message

Free Magazines

Get these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...

Oracle MagazineNetwork ComputingComputer WorldBio-IT WorldeWeekInformation WeekInfosecurity
 
Sign In
Join
My Latest Posts
My Monitored Threads
My Blog
My Photo Gallery
My Profile
My Homepage
Start New Thread
Enable EMail Alerts
Rate this Thread



©2009 Advenet LLC   Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.