I understand there are a lot of ways of encrypting an SQLConnection string so you can use it inside a VB.NET program to be able to connect to the SQL database without your connection string easily being read by people who disassembler/decompile the .exe itself.

I know this post: encrypt SQL connectionstring c#

talks about two main ways which are: Configuration Secure Section and also Enterprise Library Data Access Application Block

Now I have adapted the Configuration Secure Section where I have my connection string encrypted inside a app.config file which my program can decrypt to get the connection string. I know that this can only be decrypted on the same computer that it was encrypted on, which isn’t an issue.

My question though is how are these methods effective? Doesn’t someone just have to create a program on that computer that just uses the same practice to decrypt?

Even if I use Hashing and MD5 encryption or stuff like this, the decryption method is still inside my program that can be extracted from a Decompiler/Disassembler.

Is the only way for me to really protect my data is purchase some type of obfuscator and use that on my encryption/decryption code and hope for the best? or anyone know the best way?

What I have done is created a program that requires a username and password to login and then be able to perform SQL queries based off information that exists in the same database. I can’t use a website, it has to be done through a .NET program. This program is given out to a lot of my customers across the US. This means I really need some security behind this.