I have found a few resources that tell me causing a SQL Compact DB to be encrypted is as simple as specifying a password in the connection string. But, I am not comfortable leaving that password in my web.config file. I know I can supply a connection string for a DbContext dynamically, at runtime, but even there, I’m still including a plain text password in the connection string. How can I minimise points in my code where this password is vulnerable?
Why do you fear having the password on a server?
Most systems, e.g. Rails in a database.yml file, store their connection somewhere.
But what you can do to protect it is to create an encryption.dat file which holds your connection. In your web.config file you just place the “name” of the connection, and then you need a class that can encrypt/decrypt your connection string and put it in place at runtime.
A sample project you can find here: http://www.codeproject.com/Articles/14150/Encrypt-and-Decrypt-Data-with-C
But this won’t give you 100% security and I doubt it is worth the effort. Better make sure your Windows server is secured correctly so no one can access it without permission.
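An added example of the pattern the answer describes (an encrypted file holding the connection string, decrypted only when the DbContext is built); this is my code, not the answer's or the linked CodeProject project's. It assumes .NET Framework with Entity Framework 6 and the SQL CE provider registered in web.config, and it uses Windows DPAPI (`ProtectedData`, LocalMachine scope) so that no separate decryption key has to be stored anywhere; the file name `encryption.dat`, the appSettings key `ConnectionStringFile` and the entropy string are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data.Entity;
using System.IO;
using System.Security.Cryptography; // ProtectedData lives in System.Security.dll
using System.Text;

// Assumed helper: wraps the connection string with DPAPI so the plaintext
// password never appears in web.config. LocalMachine scope means only code
// running on this machine can unprotect the file; the optional entropy is an
// extra, application-specific input that a different app on the same box lacks.
public static class ConnectionStringProtector
{
    // Constructed entropy value for this example; any stable per-app byte string works.
    private static readonly byte[] Entropy = Encoding.UTF8.GetBytes("sqlce-connstring-v1");

    // One-time deployment step, run on the server by an administrator.
    public static void WriteProtected(string path, string connectionString)
    {
        byte[] plain = Encoding.UTF8.GetBytes(connectionString);
        byte[] cipher = ProtectedData.Protect(plain, Entropy, DataProtectionScope.LocalMachine);
        File.WriteAllBytes(path, cipher);
    }

    // Runtime step: decrypt on demand and hand the string straight to the context.
    // Nothing caches the plaintext in a static field or a config object.
    public static string ReadProtected(string path)
    {
        byte[] cipher = File.ReadAllBytes(path);
        byte[] plain = ProtectedData.Unprotect(cipher, Entropy, DataProtectionScope.LocalMachine);
        return Encoding.UTF8.GetString(plain);
    }
}

// Assumed DbContext. web.config carries only the file name, e.g.
//   <add key="ConnectionStringFile" value="encryption.dat" />
// and the EF6 constructor that takes a raw connection string does the rest.
public class CatalogContext : DbContext
{
    public CatalogContext()
        : base(ConnectionStringProtector.ReadProtected(ResolvePath())) { }

    private static string ResolvePath()
    {
        string file = ConfigurationManager.AppSettings["ConnectionStringFile"];
        return Path.Combine(AppDomain.CurrentDomain.BaseDirectory, file);
    }

    public DbSet<Product> Products { get; set; }
}

public class Product { public int Id { get; set; } public string Name { get; set; } }
```

Create the file once with `WriteProtected` from a small admin console on the server, then restrict NTFS read access on it to the application pool identity; a copy of web.config or the database file alone no longer reveals the password.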