How to handle database connection strings! Encrypt and decrypt connection strings

Encryption | decryption | data | database | database Connection | string

The processing of database connection strings should be the most basic stuff in a project. (unless your project does not involve a database.) ）

Do not underestimate him, handling bad also will bring you a lot of trouble.

The contents of the connection string are not discussed here, and this is mainly about his storage location and reading methods.

We want to achieve the goal: no matter how the connection string changes, do not need to modify the project!

1. Write the connection string in the program.

The general introductory tutorial will tell you how to write this.

vb.net

Dim cn as New sqlclient.sqlconnection ("User id=sa;password=sa;server=.; Initial catalog= database name ")
C#

Sqlclient.sqlconnection cn = new Sqlclient.sqlconnection ("User id=sa;password=sa;server=.; Initial catalog= database name ")
Of course there is no error, but when you write n pages, half of the page has such a code, this time if you need to change the connection string (such as user name and password), then you can change it. Thought I had made such a mistake, 555555

2. Put it in the web.config.

This is a more popular method. Modify the Web.config file and add the following code

And then call it where you need it.

vb.net

Dim cnstring as String = System.Configuration.ConfigurationSettings.AppSettings.Item ("connstring")
C#

String cnstring = system.configuration.configurationsettings.appsettings["ConnString"]
This is not afraid of the connection string changed again. If there is a change, modify the web.config on the line.

The disadvantage is that Web.congfig is a text form, although can not download, but still lack of security.

3. Put it in the registration form.

Put the connection string in the registry in advance and use it to get the value in the registry.

Advantages: High Security. It's not easy to see the information in the registry.

Disadvantage: Read the registry requires certain permissions, but the general space is not open this permission, because open means that you can operate the registry, which is too insecure for the server.

4. Put it inside the DLL file.

Write a separate class and write a function that calls this function to return the connection string. And then compile it into a DLL file to spare

Using System;
Namespace Jyk
{
/**////<summary>
Gets the connection string.
</summary>
public class Connection
{
public static string ConnectionString ()
{
Return "User id=sa;password=sa;server=.; Initial catalog= database name ";
}
}
}
Open DLL file directly to see is garbled, than write in Web.config have a sense of security. Of course, you can still see the code inside by decompile the software.

There is not very convenient to modify, you need to recompile this class.

5. The integrated

The above four methods each have superior disadvantage, which one is not the best, and another problem is not mentioned-encrypt the connection string.

So what's the best way to do it in a project? --layering.

Project <--Class (DLL file) <--where the connection string is stored
A. For the project just know: When I want to use the connection string, I go to the DLL (call function) to read the line, as to the specific location of the connection string, whether encryption and so do not care.

B. Class (DLL file), this is important and flexible. For general projects, you can write this.

Using System;
Namespace Jyk
{
/**////<summary>
Gets the connection string.
</summary>
public class Connection
{
public static string ConnectionString ()
{
return system.configuration.configurationsettings.appsettings["ConnString"];
}
}
}
Note: The previous DLL wrote the connection string directly into the class, and this time it was read inside the web.config.

You may ask: since it is to read the connection string inside the web.config, then why add a DLL, is not superfluous ah?

This is done to achieve this goal: no matter how the connection string changes, do not need to modify the project!

If the web.config is directly read, what if the Web.config has an encrypted connection string? Whether you want to modify the project, or the data tier. Don't think that modifying the data tier is not modifying the project.

If you add a DLL, you just need to recompile the DLL. Items can remain unchanged.

C. Where the connection string is stored

This can be done according to the requirements of the project, wherever you can, only need to modify the DLL file on the line.