你们知道exe文件中的硬编码编码很容易通过一些软件(例如代码反射器)看到,我想知道我是如何隐藏我的连接字符串,其中包含sql server用户名和密码的信息以连接到windows中的数据库通过任何代码反射器看到应用程序,以便除我之外的任何其他人可能永远无法在未经我许可的情况下使用我的应用程序.
@H_502_4@
如评论所述,您最好使用集成安全性,但如果您使用混合模式身份验证定位sql Server,则可以使用Data Protection API加密app.config中的连接字符串.这是一篇关于这个主题的精彩文章:
Protecting application secrets,such as database connection strings
and passwords,requires careful consideration of a number of pertinent
factors such as how sensitive the data is,who could gain access to
it,how to balance security,performance,and maintainability,and so
forth. This article explains the fundamentals of data protection and
compares a variety of techniques that can be used to protect
application settings. The author discusses what to avoid,such as
hiding keys in source code and the use of Local Security Authority. In
addition,he presents some effective solutions such as the Data
Protection API.
Safeguard Database Connection Strings and Other Sensitive Settings in Your Code