Erm's I.T. Girl – Zelna Ellis

Don't fear when Zel is near…

.NET & MySQL – Part 6

MySQL Connection Strings

Software used:

Read more about connection strings at Connectionstrings

One way is to use the Application Configuration File.

  • Right click on the Solution Project Name and select Properties.
  • Select Settings.
    Name: Give it a name
    Type: Choose (Connection String)
    Scope: Application
    Value: You can manually type the values or click on the eclipses to open the dialog box to fill in it. E.g.: server=localhost;user id=jdoe;database=test;encrypt=true;

Application Config
Note:
Only use encrypt=true if SSL is enabled in the MySQL Server and the users SSL options are set.

I recommend that you do not store the password, through a log-in screen you can prompt the user for the password and construct the connection string together with the values of the app.config to connect to the database.

What is also important is that the file must be stored at a secure folder, which is only accessable by the PC Admin.
Typically this would be: C:\Document and Settings\Your User Name\Local Settings\Appication Data\Your Application Name\

Some more options:

  • Write it to the Windows’ registry
  • Write it to a custom file (e.g. XML File)

More suggestions:

  • Encryption/Decryption
    There are various ways you can encrypt the XML File (App.Config file is also in XML Format). For more information read the MSDN Documentation.
  • Hashing
    Passwords are Encrypted and never Decrypted, hence hashing. Once a password is Encrypted and stored in the database, you will never decrypt the retrieved password from the database. If you want to check if the password that the user entered matches, you encrypt the password that the user entered and compare it with the encrypted password stored in the database.

Conclusion
This post has briefly discussed various options regarding security, specifically looking at connection strings.
Besides the connection strings it is important to secure the MySQL Server as well as the Operating System.
I truly believe that no system is "Bullet Proof!" You can only make it more difficult…


Previous Posts:
.NET & MySQL Part 1 A list of software required as well as optional software that can be used.
.NET & MySQL Part 2 Install MySQL Server
.NET & MySQL Part 3 Install PHP on Windows XP IIS Server
.NET & MySQL Part 4 Setup MySQL Connection String for a Windows application using VB.NET.
.NET & MySQL Part 5 MySQL and OpenSSL.

1 April 2009 - Posted by | .NET & MySQL | , , ,

No comments yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: