Encoding the Connection String - SQL Connection String in configuration file
(Page 4 of 5 )
Connection string information can be stored in an external, persistent file such as a configuration file. ASP.NET has the web.config file for web applications. There are advantages to using a configuration file, such as going over from a test set up to a production set up where the name of the server may change. As mentioned in the introduction, storing such information in clear text could help the hackers. This needs to be prevented. Instead of a string we shall store the encoded version, which is obtained by passing the string to the encode part of the program mentioned above. While retrieving the connection string we use the decode part of the above code.
If the ConnectionString were to be stored in clear text in the web.config file, the configuration information for a SQLConnection to my MSDE database will be as follows:
<appSettings>
<add key="orders"
value="workstation id=XPHTEK;
packet size=4096;
integrated security=SSPI;
data source='XPHTEK\NetSDK';
persist security info=False;
initial catalog=Northwind/>
</appSettings>
For the key='orders', the value is as shown above.
Now using the above code, we encode the string in the value of the above XML configuration file and process the code to derive the encoded value. Such a processing yields the following for the encoded value:
d29ya3N0YXRpb24gaWQ9WFBIVEVLO3BhY2tldCBzaXplPTQwOTY7aW
50ZWdyYXRlZCBzZWN1cml0eT1TU1BJO2RhdGEgc291cmNlPSJYUEhURUtc
TmV0U0RLIjtwZXJzaXN0IHNlY3VyaXR5IGluZm89RmFsc2U7aW5pdGlhbCBj
YXRhbG9nPU5vcnRod2luZA==
Now the web.config will be modified by pasting the value above as follows:
<appSettings>
<add key="orders"
value="d29ya3N0YXRpb24gaWQ9WFBIVEVLO3BhY2tldCBzaXplPTQwOTY7aW
50ZWdyYXRlZCBzZWN1cml0eT1TU1BJO2RhdGEgc291cmNlPSJYUEhURUtc
TmV0U0RLIjtwZXJzaXN0IHNlY3VyaXR5IGluZm89RmFsc2U7aW5pdGlhbCBj
YXRhbG9nPU5vcnRod2luZA=="/> </appSettings>
Next: Example of usage >>
More ASP.NET Articles
More By Jayaram Krishnaswamy
