Secure SQL Login Info

Hi,
I am currently working on a program that will connect MySQL database using MyOLEDB Driver. I used

Dim

fdConAs

New

OleDb.OleDbConnection("Provider=MySQLProv;Data

Source=DATABASE;User Id=USERNAME;Password=PASSWORD;")

I am wondering is it secure to hard-code the username and password? If not, how could I secure these info?

Thanks in advance!

[595 byte] By [WonWon] at [2007-12-24]

«« Problem Installing Security Update
»» SQL Server 2005 Express on VISTA

# 1

No, it is not secure... Ideally you should prompt the user for these the first time your application loads and then store it using DPAPI. If you search around you'll find a few DPAPI libraries for .NET. Also, have a look at the Configuration Management Application Block/Enterprise Library which supports encrypted configuration.

WilliamBartholomew at 2007-8-31 >

top of Msdn Tech,Visual Basic,Visual Basic General...

# 2

I agree with William.

For detailed information on security uses see:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/THCMCh14.asp

This will provide a load of security information you may want to review and implement as appropriate. It also provides good examples and links to other areas.

For more information on DPAPI see:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnsecure/html/windataprotection-dpapi.asp

Thank you,

James

ReaSoftwareEngineering at 2007-8-31 >

# 3

Thank you so much!

Won Won

WonWon at 2007-8-31 >

Visual Basic Hot Topic

Visual Basic New Topic

Visual Basic

Java / MSDN / Linux Tech / PHP Tech / MSDN DotNet / MSDN TECH / Health Library / Programmers Tech / visual basic Tech / Developer Tech / Ipod faqs / Msdn China Tech