0

I'm thinking if it's possible to implement Rijndael algorithm so that it can encrypt the connection string in the app.config file.

For example if I will run the program at first it will automatically change the connection string to an encrypted string.

CodeCaster
  • 147,647
  • 23
  • 218
  • 272
Believer
  • 182
  • 1
  • 13
  • What kind of security do you think this will add? – CodeCaster May 12 '16 at 09:33
  • @CodeCaster to be honest I'm on research/planning stage right now. – Believer May 12 '16 at 09:35
  • Alright let me revert the question: what are you trying to protect, from whom, in which situation? Also, what did your research show up? If you're going to distribute an application with an embedded connection string, then that string is not secure and trivially obtained from the running executable. – CodeCaster May 12 '16 at 09:35
  • I will distribute it to other users from other locations. – Believer May 12 '16 at 09:36
  • Then you should not let your application connect to the database directly. – CodeCaster May 12 '16 at 09:37
  • So the best way is to create a webservice? – Believer May 12 '16 at 09:37
  • Without any more information, I would hint towards that, yes. See also [Secure ConnectionString in WinForm Applications](http://stackoverflow.com/questions/7106565/secure-connectionstring-in-winform-applications). – CodeCaster May 12 '16 at 09:38
  • Okay here is the project info: The desktop application will get the username and password of the user and then be redirected to the website. So there is already existing database for the website using MYSQL and I will create desktop application to connect. – Believer May 12 '16 at 09:40
  • Can you please edit all that information into your question? – CodeCaster May 12 '16 at 10:01
  • @CodeCaster I think I'm leaning towards using webservice. I'll just create separate question later. – Believer May 12 '16 at 10:05
  • Just be sure to do your research first and not ask a question that has already been answered before, read [ask] for more information. – CodeCaster May 12 '16 at 10:22

1 Answers1

2

Rather than doing this yourself, you could use "Protected Configuration" to encrypt your configuration file.

Although this is primarily designed for use with ASP.Net, you can also use it for Windows Forms (and other) applications.

Here's a (fairly old) article about using Protected Configuration with a Windows Forms application on Code Project.

And here's a more recent article.

Matthew Watson
  • 104,400
  • 10
  • 158
  • 276
  • but Protected Configuration will only work on same network? what if I need to distribute it to users in different network? – Believer May 12 '16 at 09:33
  • @newuser1 The second link to an article (I just added) seems to suggest that you can use it for a distributed app. – Matthew Watson May 12 '16 at 09:42
  • Ok I'll look upon it. But will you suggest encryption after you read my conversation with CodeCaster? – Believer May 12 '16 at 09:44
  • @newuser1 No, I would not suggest using encryption in this way if it is possible to use an alternative, for the reasons outlined by CodeCaster. – Matthew Watson May 12 '16 at 10:32