Two protected-configuration providers are available in the. The suggested approach to encrypting configuration data is to use a protected-configuration provider. By default, the application configuration file stores its information unencrypted, as shown in Figure 5-4.įigure 5-5 An encrypted configuration file The app.config file stores connection strings as Extensible Markup Language (XML), and your application gets its connection information by querying this file at run time (as opposed to compiling the connection string into the application itself). As an alternative, you can use the application configuration file (app.config). Table 5-12 Connection String Keywords for Turning On Integrated SecurityĪs stated earlier, if you absolutely must use a connection string that contains sensitive information, do not store the connection string in the compiled application. Table 5-12 provides the key/value pairs to set in the connection string for implementing Integrated Security in the four. This ensures that the credentials used to open the connection are discarded and not stored where someone might be able to retrieve them. To further protect sensitive connection information when using Integrated Security, it is also recommended that you set the Persist Security Information keyword to False in the connection string. The suggested method of implementing security in applications that access data is to use Windows Authentication (also known as Integrated Security). Although this story isn’t specific to securing connection strings, it does provide insight into how important it is to lock down your sensitive data! I immediately realized that basically every employee was set up with an administrator account and had access to the entire network. My first task was to get familiar with the infrastructure of their company network. In another of my previous jobs (okay, I’ve had a few!), I took a position as a system administrator for a local mortgage company.
0 Comments
Leave a Reply. |