
Protect It: Safeguard Database Connection Strings and Other Sensitive Settings in Your Code

Posted Date: August 21, 2010 | Category: ASP.Net

Protecting application secrets, such as database connection strings and passwords, requires careful consideration of a number of pertinent factors such as how sensitive the data is, who could gain access to it, how to balance security, performance, and maintainability, and so forth. This article explains the fundamentals of data protection and compares a variety of techniques that can be used to protect application settings. The author discusses what to avoid, such as hiding keys in source code and the use of Local Security Authority. In addition, he presents some effective solutions such as the Data Protection API.

Alek Davis

MSDN Magazine November 2003


More Related Resource Links

Can this code be setup to run against the whole database instead of just 1 record at a time?


We have made some changes to this code to start capturing 1 new field of data and updating it as new records are added. But there are currently about 120,000 records, more or less. Those records of course don't have the new field populated with anything.

We would like to run this logic that is already in place and run it against the tables to update the fields 1 time. I think to make it easier, if it can be set up to expect the "valueTwo" variable, so that we can run it against the individual codes instead of doing all the records at one time. There are codes that only have a few records, so it would be best to test initially against the small code group.


            ' NOTE: the values are concatenated directly into the SQL text; only strUser passes through dbQuote
            strSqual = "insert into trans (trans_type_name, trans_date,sys_id,mod_user_id,show_ind, remoteCode, techName) values('" & valueTwo & "','" & TransDate & "'," & strSystemID & ", 1,'T', '" & dbQuote(strUser) & "', '" & strTechName & "')"
            'get the new transaction_id out for just inserted alarm
            strSqual = "select max(transaction_id) as transaction_id from trans"
            set rst = getStaticRecordSet(strSqual)

Create/add table from code to database



I create table:

                  DataSet data = new DataSet();
                  DataTable myTable = new DataTable("NewTable");
                  DataColumn[] keys = new DataColumn[1];

                  // create column
                  keys[0] = new DataColumn();
                  keys[0].DataType = System.Type.GetType("System.String");
                  keys[0].ColumnName = "PointID";
                  myTable.Columns.Add(keys[0]);

Unable to make connection to database?


Hi guys. I have been trying to connect to my database for so long, so I wrote two types of code. Let's discuss the first one.

I have a database called PhoneDirectory.

It has only one table named Residents.

I have a button with ID="Button1".

When I click this button I want to see all of my residents.

I want to see the result in a DetailsView and to be able to edit, delete and add a new resident.

First I tried with SqlDataSource, so I wrote this:

<asp:SqlDataSource ID="Resident Details" runat="server" ProviderName="System.Data.SqlClient" ConnectionStrings="<%$ ConnectionStrings:ThisIsTheConnection%>" 
              SelectCommand = "SELECT * FROM Resident "

Need Oracle Data Provider .CS File for Oracle 10g Database connection !



I need a 'Wrapper.cs' file which takes care of the database connection (Oracle 10g), where I can just call the method with my SQL query:


Gridview1.DataSource = SampleWrapper.ExecuteDatatable("THE SQL QUERY");


Please post the link if there is any open source!

Under the Table: How Data Access Code Affects Database Performance


In this article, the author delves into some commonly used ways of writing data access code and looks at the effect they can have on performance.

Bob Beauchemin

MSDN Magazine August 2009

Toolbox: Database Audit Logs, Joel on Software, Code Handouts, and More


This month the Toolbox column takes a look at database logging, Joel Spolsky's blog, printing code projects, and ASP.NET reading.

Scott Mitchell

MSDN Magazine May 2008

Smart Storage: Protect Your Data Via Managed Code And The Windows Vista Smart Card APIs


Smart cards are a compelling alternative to the reliance on passwords, which are the weakest link in authentication systems. Get the Windows smart card programming basics here.

Dan Griffin

MSDN Magazine November 2006

Wicked Code: Supporting Database Cache Dependencies in ASP.NET


Developers love the ASP.NET application cache. One reason they love it is that ASP.NET lets them create dependencies between items placed in the cache and files in the file system. If a file targeted by a dependency changes, ASP.

Jeff Prosise

MSDN Magazine April 2003

Windows Script Host: New Code-Signing Features Protect Against Malicious Scripts


Downloading scripts from the Web or e-mail leaves users vulnerable to security risks because scripts can't be signed. But now developers can use Windows Script Host (WSH) to hash scripts so users can verify their source and safety. With WSH, scripts can be signed or verified using all the same tools ordinarily used to sign EXE, CAB, DLL, and OCX files. This article discusses public-key cryptosystems, the process of signing and verifying scripts in WSH, and several warnings about attacks that could potentially be made against cryptographically secured scripts and ways in which to avoid them.

Eric Lippert

MSDN Magazine April 2001

Best way to Deploy InfoPath form with connection information and managed code

Hi, What's the best way to deploy an InfoPath form with connection information and managed code? Is there a way I can create a deployment package for this? Thanks in advance, San

Database server connection limit exceeded..

I have an SSIS package and have been adding additional DFTs to it. Where there are dependencies between transformations I identify them. However, where things can proceed in parallel I do not constrain them from a control flow standpoint. After adding another DFT I am now getting package failure due to "Database server connection limit exceeded" (my local source database is SQL Anywhere and it has a max connections of 10; in production it will be full blown Sybase and will probably not be so constrained). I think I can solve the problem just by making control flow dependencies to reduce the amount of parallel activity, but I am wondering if there are other things I should consider doing. For instance, are there other settings I can tweak that tell SSIS to run parallel up to X connections out of a connection pool? (or something like that). Some may comment that this relates to my post of yesterday on package strategy (master-child packages or one big package). I still have one big package for now but may break it into master-child. Still, I think I can control the amount of parallel activities through control flow even if it remains one package. Any thoughts or comments on this would be appreciated. - Charles PS - just ran my package and this time it succeeded - sometimes I hit the limit of 10 connections, sometimes not...

Failed to initialize MSDB database for tuning (exit code: -1073741819). (DTAClient)

Hello, This is the first time I am using this forum. I am stuck and need some help. I received this error message both on SQL 2005 and 2008. I am currently using SQL 2008 DEV for testing purposes and I am experiencing this error message when trying to connect to Database Engine Tuning Advisor. I am using the SA account so I should not have any security issues. Also this is a fresh install of SQL 2008 DEV on a fresh install of Windows XP Pro with all SP. Can someone please help.

Error: "Failed to initialize MSDB database for tuning (exit code: -1073741819). (DTAClient)"

===================================
Failed to open a new connection.
===================================
Failed to initialize MSDB database for tuning (exit code: -1073741819). (DTAClient)
------------------------------
Program Location:
   at Microsoft.SqlServer.Management.DTA.Client.TuningServer.InitializeTuningParametersDatabase()
   at Microsoft.SqlServer.Management.DTA.Client.TuningServer.InitializeConnection()
   at Microsoft.SqlServer.Management.DTA.Client.TuningServer.Connect()
   at Microsoft.SqlServer.Management.DTA.Shell.SessionMonitor.AddServerInternal(SqlConnectionInfo connectionInfo, SqlConnection connection)
   at Microsoft.SqlServer.Management.DTA.Shell.SessionMonitor.AddServer(SqlConnectionInfo connectionInfo, SqlConnection connection)
   at Microsoft.SqlServer.Management.DTA.Shell.SessionMonitor.On

Database connection problem in ASP.NET

Hello, I'm having a database problem that I couldn't identify. The IIS loses connection to the database once in 3 weeks. Once you restart the IIS everything is normal. Looks like IIS is fine because I can go to static pages. When I go to a page that requires a database connection I get this error: A transport-level error has occurred when sending the request to the server. (provider: TCP Provider, error: 0 - Either the application has not called WSAStartup, or WSAStartup failed. A network-related or instance-specific error occurred while establishing a connection to SQL Server. The server was not found or was not accessible. Verify that the instance name is correct and that SQL Server is configured to allow remote connections. (provider: Named Pipes Provider, error: 40 - Could not open a connection to SQL Server) Is this a connection string problem? Because without changing anything, if I restart the web server all is fine. Is this a problem with application state? It can't be at the SQL Server side as other applications on the machine work fine. There is something going on with IIS, not sure what it is. Any help would be appreciated. Thanks, Bharani

Writing connection string in web.config file by code or dynamically

I want to write the connection string in the web.config file of my application by code. If anyone knows the way or the code, just help me. .NET, C#, SQL SERVER

help needed re: "Invalid Database Connection"

I'm a novice at adding programs. I have Windows XP, & have tried downloading a homeschool program, but when I click on the icon on the desktop I get this message in a pop-up box: "Invalid Database Connection X Cannot Establish A Valid Database Connection / Exception message: Login failed for user 'soshome09.' Reason: Server is in single user mode. Only one administrator can connect at this time. / Please contact technical support"   *Note: the user 'soshome09' is the homeschool disk I'm trying to open. I don't even know if I'm posting this request in the right area/forum!!!! ANY/All help will be greatly appreciated! thesingingbyrds@hotmail.com

Error in attaching database file and creating a new connection

I am having a problem when trying to attach an .mdf file while creating a new connection of SQL Server, creating a new connection of SQL database file and opening the database in Server Explorer. I am using VS 2010 Ultimate and SQL Express 2008 R2. Can anyone please tell me what problem I am facing? Here are the error messages. 1. Attach .mdf in SQL database file and open the database in Server Explorer 2. Create a new SQL server and attach .mdf

Why is it that this code updates my sql database with the default EditBox text?

Any help is appreciated.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Web.UI.HtmlControls;
using MySql.Data.MySqlClient;

public partial class _Default : System.Web.UI.Page
{
    TextBox EditBox = new TextBox();
    TableRow[] NewRows = { new TableRow(), new TableRow() };
    TableCell[] NewCells = { new TableCell(), new TableCell() };
    string ID;

    protected void Page_Init(object sender, EventArgs e) { }

    protected void Page_Load(object sender, EventArgs e)
    {
        var Connection = new MySqlConnection("Server=localhost;Database=site;Username=root;Password=root");
        var Command = new MySqlCommand("select * from news", Connection);
        Connection.Open();
        var Reader = Command.ExecuteReader();
        while (Reader.Read())
        {
            ID = Reader.GetString("ID");
            string Title = Reader.GetString("Title");
            string Text = Reader.GetString("Text");
            foreach (TableRow Row in NewRows) { NewsTable.Rows.Add(Row); }
            NewCells[0].Text = Title;
            NewCells[1].Text = Text;
            NewCells[0].Font.Bold = true;
            NewCells[0].Font.Underline = true;
            NewCells[0].Font.Size = Fon