How to set your sensitive data in the application code when creating ADO.NET Model?d some tag a
I am creating a model for a database and was curious at the following statement in the ADO.NET Entity Model wi开发者_开发技巧zard where you have the options of choosing Yes or No as where to store sensitive data -
"No, exclude sensitive data from the connection string. I will set it in my application code."
I have never used this option and just wanted to find out if I did where I would have to specify my sensitive data. Any ideas?
Set the connection string argument of the Model constructor:
MyEntities1 db = new MyEntities1 ("metadata=res://*/Model1.csdl|res://*/Model1.ssdl|res://*/Model1.msl;provider=System.Data.SqlClient;provider connection string=';Data Source=localhost;Initial Catalog=myDb;User ID=user1;Password=myPass;MultipleActiveResultSets=True';");
Create Encrypted DLL to hold connection string
Modify the constructor of the entities
// Separate Encrypted DLL file
public static class secureData()
{
public static string ConString = @"Data Source=YOUR_SERVER;Initial
Catalog=YOUR_DB;Persist Security Info=True;User
ID=YOUR_USER;Password=YOUR_PASSWORD";
}
public sampleDBEntities() : base("name=sampleDBEntities")
{
this.Database.Connection.ConnectionString = secureData.ConString ;
}
This is what i have used in the past, although many will argue its unsecure to store plain text passwords in your source files. There are methods to secure this by encrypting your connection strings;
public db_entity()
: base("name=db_entity")
{
this.Database.Connection.ConnectionString= "server=localhost;user id=<USERNAME>;Password=<PASSWORD.;persistsecurityinfo=True;database=<DB_NAME>";
}
It's the username and password for connection string. If you do not have them in the config file, you'll have to provide them when creating the data context.
精彩评论