Http://www.mstclub.com/blog/hongweiqu/We all know that web. config can save the connection string, which is also done in the program, web. config is XML, so it has a clear structure, so we can easily understand it, but this also has a problem. Our database is completely exposed to the person who browses the file, this is what we don't want. We can use a simple and effective encryption algorithm to encrypt the connection characters, so that those who directly browse the file cannot see the information clearly.
We generally Save the connection string in the following form:
<Deleetask>
<Add key = "ConnectionString" value = "server = localhost; database = test; pwd = sa; uid = sa;"/>
</AppSettings>
For ourselves to understand these encrypted characters, we need an additional program to generate these encrypted data (this additional program can be very complicated, but to illustrate the problem, we use a simple base64 encoded data, which is not encrypted, but the principle is the same ). We create a WinForm project specifically used to generate base64 conversion from plaintext to ciphertext. If other encryption algorithms are used, we can replace this encryption process. The code in the conversion button is as follows:
Private void button#click (object sender, System. EventArgs e ){
Byte [] data = System. Text. ASCIIEncoding. ASCII. GetBytes (this. textBox1.Text );
String str = Convert. ToBase64String (data );
This. textBox2.Text = str;
}
TextBox2 contains the characters after the code is changed. We can. connection characters in config ("server = localhost; database = test; pwd = sa; uid = sa ;") put it in this program to generate a new string ).
Then we use this character to replace the unencoded string. As follows:
<Deleetask>
<Add key = "ConnectionString" value = "c2VydmVyPWxvY2FsaG9zdDtkYXRhYmFzZT10ZXN0O3B3ZD1zYTt1aWQ9c2E7"/>
</AppSettings>
Haha! No! But our program doesn't know either:-(it's okay that we know the encryption algorithm, so our program can understand it, and finally how to use it in the program, our program needs to understand the meaning of this string. we add the following tool methods in the data access layer.
Private string GetConnectionString (){
String strconn = System. Configuration. ConfigurationSettings. etettings ["ConnectionString"];
Byte [] data = Convert. FromBase64String (strconn );
String strRealConn = System. Text. ASCIIEncoding. ASCII. GetString (data );
Return strRealConn;
}
In this way, you can obtain the real connection string.
The above simple encryption (pseudo encryption, in fact, this article implements a code rather than encryption) method, may be able to deceive some people's eyes, however, for those who know the inside story, they are still starting to protect themselves. Therefore, you can extend this algorithm to replace the encoding algorithm in this case with symmetric or asymmetric encryption algorithms, in this way, it is almost foolproof. To encrypt data using a pair of encryption algorithms, see http://www.csdn.net/Develop/read_article.asp? Id = 23386 describes some methods. For more information, see
