开发者

How to set your sensitive data in the application code when creating ADO.NET Model?d some tag a

I am creating a model for a database and was curious at the following statement in the ADO.NET Entity Model wi开发者_开发技巧zard where you have the options of choosing Yes or No as where to store sensitive data -

"No, exclude sensitive data from the connection string. I will set it in my application code."

I have never used this option and just wanted to find out if I did where I would have to specify my sensitive data. Any ideas?


Set the connection string argument of the Model constructor:

MyEntities1 db = new MyEntities1 ("metadata=res://*/Model1.csdl|res://*/Model1.ssdl|res://*/Model1.msl;provider=System.Data.SqlClient;provider connection string=';Data Source=localhost;Initial Catalog=myDb;User ID=user1;Password=myPass;MultipleActiveResultSets=True';"); 


Create Encrypted DLL to hold connection string

Modify the constructor of the entities

 // Separate Encrypted DLL file
 public static class secureData()
 {
    public static string ConString = @"Data Source=YOUR_SERVER;Initial 
    Catalog=YOUR_DB;Persist Security Info=True;User 
    ID=YOUR_USER;Password=YOUR_PASSWORD";
 }


 public sampleDBEntities() : base("name=sampleDBEntities")
    {
        this.Database.Connection.ConnectionString =  secureData.ConString ;
    }


This is what i have used in the past, although many will argue its unsecure to store plain text passwords in your source files. There are methods to secure this by encrypting your connection strings;

public db_entity()
            : base("name=db_entity")
        {
            this.Database.Connection.ConnectionString= "server=localhost;user id=<USERNAME>;Password=<PASSWORD.;persistsecurityinfo=True;database=<DB_NAME>";            
        }


It's the username and password for connection string. If you do not have them in the config file, you'll have to provide them when creating the data context.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜