Ok, I know this has been asked a thousand times before, but no conclusive solution has been derived...so here is another really silly question!
I have a Winforms 3.5 app and using LINQ to SQL, hence the Connection string is ALWAYS stored in "app.config" by default (and VS2008 will not accept any other way of storing this - Ive even tried overwriting this in the IDE-generated code). That being said, any person with a bit of computer know-how needs to just browse to the install directory of the app, look for the [appname].exe.config file, and open it to reveal the supposed secure username/password for accessing the database. Even if you opt to encrypt/decrypt this section, it is only done when the app is running - so Im assuming that when the app is closed, the connString section reverts to plain text....that can be once again read. (....how do you win?!?!)
Keeping in mind that Im using LINQ and generating a LinqDataContext, what I would like to know is this:
Can the connstring not be stored elsewhere besides the app.config? (perhaps like in a user setting file that can be modified after installation)
If the above is possible, can I not store a pre-encrypted connstring into the config file (that certainly wont be able to be read) and in my application, opt only to decrypt the connstring whenever the connection is opened?
If none of this is possible, I may have to revert to using traditional ADO.NET (seeing that I already have hundreds of stored procs for all CRUD operations) - at least that way I can have control over how and where the connstring is stored.
BTW - sorry if this is a juvenile/confusing question to ask, and if you feel that Im wrong with anything Im explaining please let me know.
Much thanks!
You can store a pre-encrypted conn-string in the app.config, but i guess it will be useless since, your application sooner or later will decrypt the conn-string (And the plain text will be availiable to anyone interested!)
So you should obtain an SSL cerificate too... (Not a self signed one)
Related
I've been trying to create a program that creates a database, creates tables, stores information in these tables, and reads off these tables. I am using delphi and microsoft access (although I am open to using another database program if one is easier to learn). Anyway, I cam across this question and answer: Delphi 7: ADO, need basic coding example
However I am confused about what my connection string would be or how to know what is is. I want the database saved in the same file area as where my program is so would it just be the file directory to that area such as:
FILE NAME=E:\project\Debug\Win32\Studentdb.accdb
Also the user uses +database. If my database name is Studentdb would I just put 'Brill1' in that space or not?
Also do I need to use ODBC connector if I am not using MYSQL? I am guessing not but do I need to use something else. Also, while saving files from microsoft access they save as .accdb however when I created a ADOConnection component on my form and pressed into the connection string property it was asking for a .udl and I haven't run across this anywhere before so I am wondering if I need to convert or do something with that.
I am a real beginner with this so I am sorry if my questions are obvious but I would really appreciate some help or pointed to a beginner's friendly resource on the subject. Thank you.
All possible connection strings from Access 2007 are here:
https://www.connectionstrings.com/access-2007/
...which one to choose depends on which driver you have and/or want to use.
(ACE, OLE, ODBC ...)
Preface
I created an Information System using Visual Basic for our office in our school. It uses OleDb Engine for an Access Database. The database is stored inside the directory or locally inside the application thus making the connection string:
"PROVIDER=Microsoft.ACE.OLEDB.12.0;Data Source = DATA\Base\database.accdb;Jet OLEDB:Database Password =cca"
The Information System makes the job done on printing, reporting, adding, deleting and editing records.
What I'm Trying To Achieve
Now I need to make the database accessible ONLINE or REMOTELY by making an unused PC be a server instead. This is the overview of what I'm trying to achieve:
and the connection string will be like (or SOMETHING LIKE)
"PROVIDER=Microsoft.ACE.OLEDB.12.0;Data Source = (address of the server, something like) 10.212.19.3:1234\CCA-SERVER\My Documents\database.accdb;Jet OLEDB:Database Password =cca"
telling the system that it will access the database in an address online and on a specific server. Or something like, I will just put the database inside the server and through the internet it will be easily be accessed by the system like a Shared Location inside a network. If so, How can I do it? Where do I begin?
Question Conclusion
I'm trying to make a database server. We have a desktop server ready to run. I'm currently digging Google for information and guides how to make it but all I see for now is bumped threads and searching alone won't fill me enough so I decided to ask you guys if you know any
Guides.
Links to any resources.
Tips on where should I start.
Links to Tutorials.
Tools I'll be needing for the process.
NOTE: I'll update this if ever somewhere in the internet provides a
good guide/tutorial for what I'm trying to achieve and I'll put a link
to it incase someone in the future will ask the same question as I
did. For now, I'm asking for your help and brief me what I should do step by step.
Thank you.
I successfully managed to create a SQLite3 DB with Perl using Perl::DBI module.
I was wondering if there was a way to add encryption to the database to my existing Perl code ?
I read thoroughly the 2 following links :
Password Protect a SQLite DB. Is it possible?
SQLite with encryption/password protection
but the provided examples seem only to include proprietary software or C# code (especially this bit here https://stackoverflow.com/a/24349415/3186538).
Thanks in advance.
Well, you could run your data through any of the Crypt::* modules (::DES, ::Blowfish, ::IDEA, etc, in conjunction with ::CBC), then possibly encode it with base64 to get text, before writing it to the DB. And, of course, reverse the operation when reading. You could even create a Perl::DBICrypt module that sat above Perl::DBI and did this automagically.
However, it depends pretty much on how you're going to use it. If you're just worried about someone stealing and using your data, the encryption would be feasible since, without the key, it would be useless.
On the other hand, if you're trying to protect data in a system you distribute, then the key will be available to the attacker (since, without it, your code won't work). So encrypting in that case would be a minor inconvenience at best.
It's something that could only really work if you kept the key away from the attacker (such as if the Perl code runs in an app server controlled by you).
Basically any solution that decrypts data on a box accessible to an attacker will be vulnerable.
I hope someone have already faced an issue to verify that application shows correct data from database. I reviewd how groovy used SQL, but I have no idea where and how I should do that. I'm just starting to use gradle+Spock+Geb for testing application. I have a few files where I described a couple of pages from application, a couple of modules and a file with spock specification. Where and how I need to connect to Oracle DB, use SQL and compare result's data with application's ones?
P.S. I write everything in notepad++ and launch from command line writing 'gradlew firefoxTest'. Does exist any more comfortable way to work with gradle+spock+geb?
Thanks in advance.
Because there are no other answers, I wanted to provide a solution someone at my company thought of. This assumes you already have a project that uses some sort of JDBC. In our case it is JDBI.
The idea is to extend Classloader and then use that to directly access the data access object class via the JVM. That idea should work.
I have not tested it out because it doesn't completely fit our use-case. I'll admit that this does not completely apply to your use case, but technically you could just run the jar of an existing project, which can access the database.
How do I read and write a file using a file format which is readable by a database server, in vb2008?
I have very little experience working with databases, and I can't seem to find any tutorials which don't involve some type of server as a middle-man.
It's really going to depend on which type of database files you are working with. If you have an Access Database file, you can open a connection to the database with the following code.
Dim DBConn as New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\MyDBFile.mdb;")
If you don't want a server, use SQLite. There are .NET bindings that work quite nicely.
Reading and writing the raw database files would be an immense undertaking -- if you have to ask how to do it, you shouldn't. It requires so much work that it's not even worth considering for a moment.
In general, most database-aware software writes to the database using a software library adapter. Like ODBC.
What you might be looking for is the file format that a bulk loader can understand. Something like this (MySQL example).