Im working in c#, I'm using mysql .net connector to interact with a remote mysql db. Is it safe to include the connection string inside the code and work with the db directly through the command object or should I be posting to a php middle layer to hide the connection string?
Thanks in advance.
In my opinion:
You shouldn't put Your connection
string directly in Your C# code if
Your application could be
decompiled = I mean WinForms application.
If You are working on a Windows
application, then try to implement a
log-in window. Where user will pass
his/her user name and password. This
solution needs a mysql user or users
for every person that would have
access to the system.
If Your are working on a web
application, then put You connection
string inside web.config file.
If You are working on application
with unrestricted access, then I
think You should implement some
layer... but remember, never pass
SQL queries as plain text via
network, as someone could sniff it.
I would recommend some kind of
webservice.
Then the connection string is just stored in the PHP middleware layer, so what's the difference? It has to be stored somewhere.
I would keep it simple and store it in the app.config or web.config of the C# app your writing.
Couple notes about storing it:
- Production connection strings should not be stored in version control.
- A production configuration file should exist on the production servers with the connection string.
- For added security, you can encrypt your connection string (http://msdn.microsoft.com/en-us/library/89211k9b(v=vs.80).aspx)
Related
I've got some desktop experience, but am (brand) new to web programming. I've built a well-received C# WPF desktop app that stores data in a local (on user's desktop) SqlLite DB. I'd like to transition the app to remote data storage, probably with a MS SQL Server DB, hosted by a web-host service provider. One database there would hold all the various users data, access controlled by their own username/password.
In fact I've already done that as an experiment, and it functions. My concern is security: at the moment my in-code connection string just uses my db account/password. I'm not such a newb to know that's not a good idea. There must be a standard way to move that private information out of the code and into a sort of relay between the app code and the db. But I don't know the terminology, or what to ask for, despite a day of googling. So:
(1) User requests data save, say
(2) App sends SQL statement and user credentials to relay.
(3) Relay checks credentials against db records (using my db credentials, but that's ok, they're at least not stored in the apps's source code)
(4) Assuming ok, forward sql statement to db.
Is (something like) this a thing? What's it called? Or is there some other standard way to achieve the goal of keep my connection string completely out of the code? Where do I begin reading about how to implement it? How would I know if my web-host would support such a thing?
From the point of view of web-app operations, your connection string, from your dotnet app to your RDBMS server, is considered a secret. That means it's data you retrieve from a configuration file, and is never checked in to your git or other source control system. That connection string contains your RDBMS username and password, along with stuff like the name of your database and the server where it runs.
(If you did check in an RDBMS connection string to source control for any machine other than localhost, change that password. Do it now. Cybercreeps troll github looking for connection strings to steal and use for nefarious purposes. )
Dotnet web apps have a configuration file. It's an XML file called web.config. Connection strings go into that file in an XML stanza looking like this
<configuration>
<connectionStrings>
<add name="Name"
providerName="System.Data.ProviderName"
<!-- When deploying to production,
replace this connection string with one
to connect the production data base. -->
connectionString="Valid Connection String;" />
</connectionStrings>
</configuration>
Here's some info about retrieving that kind of connection string from your dotnet program..
I've had good luck putting a globally useless locally useful localhost connection string in that file, with some xml comments explaining that it needs to be edited when putting the web app on a public server. My example shows such comments.
It's also possible to edit a connection string with the web server's IIS Manager app. This setup -- either web.config or IIS Manager -- has good security.
The scheme you outlined is more complex than you need unless, heaven forbid, every one of your customers has a different connection string.
I have googled for a long time for ways to secure the SQL connection string stored in a Winforms app. Encrypting the app.config (connection string included) of a Winforms app could be useful; however, it is not as safe as a webform app since the app is installed on user's PC. Any malicious users who want find out the connection string can reverse-engineer the app using the locally saved certificate to decrypt out the connection string.
Recently, I think of a possible way for protecting my connection string.
It is like this:
I'll create a read-only user and a read-write user using MS SQL Server Management Studio. The readonly user's connection string is located in the resource properties unencrypted. It is used to connect to SQL Server and check for the login passwords into my app.
Once the password has been checked, I will call a user defined SQL function (secret key included) which input is a ciphertext and return me the connection string to login the SQL Server with the read-write user account.
Will someone view my secret key hid in the user-defined function? Will this work to protect my connection string for logging in the read-write user account?
Thanks for all your answers. After watching TimCorey's YouTube video (https://www.youtube.com/watch?v=rFncI9yfY-E), I think I am sort of knowing that my idea is too simple. Using stored procedures in a SQL server should be a safer choice than the user defined function.
Here I would like to make a summary, as suggested by Mouse Power and Charlieface, for a win-forms app to connect to a SQL server with more safety, we can get data from a SQL server either through:
(1) executing stored procedures (with limited permission) or through
(2) web APIs wherein SQL connections are made within the server.
Conventional encryption(using ASPNET_REGIIS) of connection string in web.config of a web-forms app can not be applied directly to the app.config of a winforms app. This is because the app.config and its encrypted key are both located on the client side, so it is difficult to prevent any malicious users using reverse-engineering to crack out the connection string. Nevertheless, encrypting the connection string using a key hidden somewhere (in codes, file, or resource) is still suggested, as a preliminary protection.
Using a separate account for each connection may also be an option, but this may make the programming of SQL connections relatively more complicated.
I have a SQL Server database hosted on Azure. I need to write data from multiple PC users that are using WPF app to this database.
Assuming that WPF app is used by multiple users is it safe to save connection string in app.config file? What are the best practices for saving data from a Windows app into a shared database?
I'm afraid that users can manipulate data by utilizing connection string stored in app.config.
Assuming that WPF app is used by multiple users is it safe to save
connection string in app.config file?
IMHO, it is never safe to store connection string in plain text. You're absolutely correct that users can connect to the database outside of your application and cause some serious damage to your database.
A few things that come to my mind are:
Encrypt the connection string and use that instead of storing connection string unencrypted.
Use Azure AD based access control. Recently Azure team announced availability of connecting to a SQL Database using Azure AD credentials. This way you can authenticate the users before they connect to your database. You can read more about it here: https://azure.microsoft.com/en-in/documentation/articles/sql-database-aad-authentication/.
You may also find the following article useful in securing your Azure SQL Database: https://azure.microsoft.com/en-us/documentation/articles/sql-database-security-guidelines/.
I am working on upgrading an existing winform app with some mobile clients and would really like to put the SQL into Azure instead of the current local SQL solution. I would then change the connection string in the app.config file to point to Azure.
At present one of my biggest concerns is security and therefore I would like to secure the connection string (through encryption...) so that it can't be viewed locally in the app.config file.
Does anyone know how I should go about encrypting some or all of the app.config file to key the connection string our of sight. I have assumed that since Azure SQL uses SSL I don't need to worry too much about how secure it is when the request is actually being made from the winform app to Azure.
Any help much appreciated.
Jason.
Having SQL Azure connectionstring in a app either on desktop or mobile makes no sense. The server become vulnerable as anyone can decrypt the connection string if your app can. Some other issues that i can think of would be
Changing the SQL Server location become problematic as you have location available on each client config file.
Rights management has to be done for each user who you want to provide database access.
You need to look at building an intermediate layer such as OData endpoint or Web API end point which involves a server framework like using ASP.Net.
Also look at Azure Mobile Services which can provision a database and a server component to support standard CRUD operation and host of other features.
Warning: this is not a save solution!
You can store your credentials in an encrypted file and then connect to the database by reading and decrypt the credentials from that file.
Tutorial on file encryption: look here
Connect to database:
string connectionString = myconnectionstringReadedFromFile;
//
// In a using statement, acquire the SqlConnection as a resource.
//
using (SqlConnection con = new SqlConnection(myconnectionstringReadedFromFile))
{
//
// Open the SqlConnection.
//
con.Open();
//.... your stuff
}
I'm pretty new to C#, I've been doing a bunch of stuff but I'm missing a lot of basics.
Anyways, I'm making a program where the user has to log in and and then it checks if the entered password is the same as the one on the database.
Anyways, I know that there's ways to get get into the code of a compiled program and I wanted to know if there's anything I should do to make sure that nobody can see the login info of the MySQL data somehow.
Thanks
There are many different ways you can Protect Connection Information depending on your specifications and requirements.
One simple rule, never include database connection strings in compiled code!!!
Some Links
Protect Connection Information
SO - Encrypt connection string in NON ASP.Net applications
MSDN Securing Connection Strings
Further to a questions raised in the comments.
Secondary to ANY connection string configuration you should also limit the applications access to the Database by using Role Base Access Control to reduce the permissions granted to the application and the procedures or Sql commands it can execute to a bare minimum.
The only way to prevent people from seeing your MySQL connection string credentials would be to use a three tiered architecture where you have a webserver or service running on a server which holds the connection string and makes the requests to the database. Your client applications would communicate with the with the webserver/service.
I agree with Lloyd.
In addition to the security aspect, keeping the connection string out of compiled code means that if you need to change it for some reason, you don't have to recompile and redeploy your code. Often, you don't know that someone messed up the server name or database name or credentials until your site suddenly stops working. In the middle of the night.
I was thinkinging this would be an issue with my program, So I am makeing a PHP file to process POST data and return a response, Where the PHP file on my sever side holds the Database connection as well as only return's limited data to my C# program. And the C# program then read's the response and get's the appropriate data. This will make it so the program it's self does a HTTP POST and doesn't know the database user and password. As well as give's me control over what data can be sent to the C# Program.
There is no way to hide your connection credentials from someone that can get into your code using some ILSpy like intrusion.
«Intruder» can see anything needed to find them. For example he/she can see how you decrypt the (so called...) encrypted xml and use the same method.
The only way to hide user credentials is in database itself, where the user has no access.
Explain: If user has to enter its own credentials to login to database, the credentials will be checked by the database server, so no credentials are exposed in your app residing in user's machine. And user cannot see other's credentials.
So:
Create the users in the database as database users.
Allow them to access any tables they should access.
In your program:
Ask user for credentials.
Check if you can connect to database with those credentials.