Encoding the Connection String
(Page 1 of 5 )
String connection information is used while connecting to databases, and sometimes stored in a web.config file. If that file is in clear text, it represents a security risk for the database. This article describes a simple way to encode that text to help keep the information out of dangerous hands.
Introduction
Examples of storing connection information while connecting to databases were shown in a previous tutorial, available here. The connection string information was stored in a web.config file. However the string was stored in an easily readable XML file in clear text. All that is needed to hack a database would be available if one were to get access to the web.config file. It is essential therefore to make it harder to read this file to protect against such an eventuality. This tutorial discusses one method of obfuscating this information from prying eyes. However it is not infallible.
Base64 Encoding
Base64 encoding is a method of converting a piece of text (string) which can be read and comprehended into a string which looks as if it has been worked over (messed up). However, it can be carefully formatted back into a readable form with enough time. The process of decoding is the reverse of this process.
Visual Studio .NET with its System.Text.ASCIIEncoding class gives us a convenient way to encode and decode strings. The ConnectionString which contains all the information about connecting to a database is contained in a string; therefore, the class methods can be used to encode and decode. This next picture shows an object browser displaying the details of the System.Text.ASCIIEncoding class.
Next: Simple code to encode and decode >>
More ASP.NET Articles
More By Jayaram Krishnaswamy
