This can be asked with webform or winform…
I have a .NET program (exe) which needs to access a DB (via the internet).
Of course this DB requires a password and login.
What is the best practice for accessing the DB which won't be seen with Fiddler, Reflector, etc.?
I think the only solution is to use SSL + encrypting the connection string section and decrypting it at runtime…
Is there any better solution?
If this is a .exe that is being run by an attacker then he can use a debugger to obtain the username/password. If this .exe is running on a machine you trust, and the attacker can only exist on the network then SSL is perfect.
A Defense In Depth approach is that you shouldn't trust any part of your application unless you have to. When an attacker hacks your application, he is going to use your application's functionality against you.
How this should be done is to create an API, such as a RESTful or SOAP API, to access the datastore. Vulnerabilities like SQL Injection will always be a serious concern, but giving the attacker a raw database connection is even worse.
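A sketch of the API layer the answer describes, added here as an illustration and not part of the original answer: the database credentials live only in server-side configuration, the client authenticates per user, and every query is parameterized and scoped to the caller. It assumes an ASP.NET Core minimal API with the Microsoft.Data.SqlClient and JwtBearer packages; the table `dbo.Orders`, its columns and the connection string name `OrdersDb` are hypothetical.

```csharp
// Added example: the server owns the DB credentials; the shipped .exe only calls this API.
// Assumptions: ASP.NET Core minimal API, JWT bearer auth configured in appsettings,
// hypothetical table dbo.Orders(Id INT, OwnerId NVARCHAR(64), Total DECIMAL).
using System.Data;
using System.Security.Claims;
using Microsoft.AspNetCore.Authentication.JwtBearer;
using Microsoft.Data.SqlClient;

var builder = WebApplication.CreateBuilder(args);

// The connection string is read from server-side configuration (environment variable
// or secret store). It is never compiled into, or sent to, the client program.
string connStr = builder.Configuration.GetConnectionString("OrdersDb")
    ?? throw new InvalidOperationException("OrdersDb connection string is not configured");

builder.Services.AddAuthentication(JwtBearerDefaults.AuthenticationScheme).AddJwtBearer();
builder.Services.AddAuthorization();

var app = builder.Build();
app.UseHttpsRedirection();   // TLS protects the per-user token in transit
app.UseAuthentication();
app.UseAuthorization();

app.MapGet("/orders/{id:int}", async (int id, ClaimsPrincipal user) =>
{
    // Identify the caller from the validated token, not from client-supplied fields.
    string? userId = user.FindFirst(ClaimTypes.NameIdentifier)?.Value;
    if (userId is null) return Results.Unauthorized();

    await using var conn = new SqlConnection(connStr);
    await conn.OpenAsync();

    // Parameterized query: input is bound as data, and the OwnerId filter limits
    // each caller to their own rows even if they enumerate ids.
    await using var cmd = new SqlCommand(
        "SELECT Id, Total FROM dbo.Orders WHERE Id = @id AND OwnerId = @owner", conn);
    cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
    cmd.Parameters.Add("@owner", SqlDbType.NVarChar, 64).Value = userId;

    await using var reader = await cmd.ExecuteReaderAsync();
    if (!await reader.ReadAsync()) return Results.NotFound();

    return Results.Ok(new { Id = reader.GetInt32(0), Total = reader.GetDecimal(1) });
}).RequireAuthorization();

app.Run();
```

A debugger attached to the client now yields only that user's own token, and the database account behind the API can be granted just the statements the endpoints need.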