Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I have program that connect to a SqlServer by predetermined username & password.
Ex:
static void Main(string[] args)
{
string UserName, Password;
UserName = "Name";
Password = "Pass";
SqlConnection conn = new SqlConnection("...");
}
How can I protect the password from decompilation?
Simply do not do that in the first place. The security system is designed to protect users from attackers who are trying to get the users to run bad code. It is not designed to protect your program from its users, which is what you are trying to do.
Hard-coding a user name and password into an executable is a worst practice, for multiple reasons. First, because it grants access to the database to people who have your program, not to people who are authorized. Second, it means that if you ever need to change the user name or password, then you need to re-ship the program. Third, if the password does get out, and it only needs to get out once, what happens? You have no way to restrict access to just the attacker.
A far better solution is to require that every user have their own account; make them type in the password. Or integrate the database access with some other identity-and-authorization scheme, like Windows authentication or whatever.