Implement database encryption in the winform development framework

In many cases, we need to encrypt the database, especially the ACCESS database and SQLite database. The data directly deployed on the client is also the customer's asset, databases always have a lot of related secrets or important business data. Therefore, databases are generally sensitive. Because the enterpriselibrary module is used in the database access module of my winform development framework, you can also useCrytography Application Block for encryption and decryption.

Because you do not want to introduce too many of these additional modules, or to simplify the client configuration, adding a password to the database connection string directly in the enterpriselibrary module is also an effective method, this article introduces this method to implement encryptionAccess database connection stringAnd access the ACCESS database with a password.

1. database selection

If you want to encrypt the ACCESS database, You must select the access2007 or later version. The password of this version is specially processed by 128 bits. It seems that it is still difficult to crack at present, it seems that no suitable cracking tool has been found. If Access2000 is used, there will be more tools to crack the password.

The database engine of access2007 is generally not equipped with an office2007 computer, and the accessdatabaseengine driver must be installed in particular. Otherwise, the message"The 'Microsoft. Ace. oledb.12.0 'provider is not registered on the local machine.' (Microsoft. Ace. oledb.12.0 is not registered on the local computer.Program. Download the driver of the corresponding version from the Microsoft website.

If you want to encrypt the SQLite database, it can also be more effective, and its password is also more difficult to crack.

The above two types of client databases are encrypted by using the functions of the software. We can set the password at the early stage of development. Customers generally do not need to understand it. They or other personnel can copy it out, it cannot be used independently to ensure the security of the database.

2. Database Encryption

1) Access Database Encryption

If you encrypt the ACCESS database, remember to select the format above access2007 and then open the Access File exclusively, as shown in.

In the database tool options, select password for encryption and enter your password in the pop-up dialog box.

The password strength of office2007 is good. At least I found several tools and failed to crack my password.

2) SQLite Database Encryption

SQLite database encryption is also very simple. Here I use SQLite developer to open an existing database, right-click the database, select set encryption key, and enter the password in the pop-up dialog box.

I have made some knowledge about the SQLite database confidentiality mechanism. It seems that the intensity is good, and it is said that the performance loss is very small. I did not see much interference in performance during development and testing.

3. Add encrypted content to the connection string

Because we want the database configuration items to be as concise as possible, we do not need to specify the access password in the configuration file, which also avoids the leakage of encrypted strings. We can dynamically set database access objects.The Database Access Password attribute is processed in memory. As follows:CodeAdd an encrypted string to the ACCESS database connection string.

 
# RegionEncrypted connection string
 

         ///   <Summary>          ///  Generate a database object based on the configuration name of the database.  ///   </Summary>         ///   <Returns> </returns>          Protected   Virtual  Database createdatabase () {database DB = Null  ;  If ( String  . Isnullorempty (dbconfigname) {DB = Databasefactory. createdatabase ();}  Else {DB = Databasefactory. createdatabase (dbconfigname);} dbconnectionstringbuilder sb = DB. dbproviderfactory. createconnectionstringbuilder (); sb. connectionstring = Getconnectionstring (); genericdatabase newdb = New  Genericdatabase (sb. tostring (), DB. dbproviderfactory); DB = Newdb;  Return  DB ;}  ///  <Summary>          ///  Dynamically changing or connecting strings  ///   </Summary>          ///   <Returns> </returns>          Protected   Virtual   String  Getconnectionstring (){  String Connectionstring = ""  ; Databasesetasksetting = Configurationmanager. getsection ("  Dataconfiguration  " ) As  Databasesettings;  If (Setting! = Null  ){  String Defaultconnection = Setting. defaultdatabase; connectionstring = Configurationmanager. connectionstrings [defaultconnection]. connectionstring;  // Try to encrypt or decrypt                  If (! Connectionstring. endswith ( "  ;  "  ) {Connectionstring + = "  ;  "  ;} Connectionstring + = String . Format ( "  Jet oledb: Database Password = testpassword;  " );}  Return  Connectionstring ;}  # Endregion 

By dynamically adding encrypted connection strings when accessing the database, the system configuration file is no different from the common one, as shown below:

   <  Connectionstrings  >      <! --  Path symbol | datadirectory | indicates the current running directory  -->  <  Add  Name  = "Access" Providername  = "System. Data. oledb"  Connectionstring  = "Provider = Microsoft. Ace. oledb.12.0; Data Source = | datadirectory | \ database1.accdb; user id = admin ;"  />      <  Add  Name  = "SQLite"  Providername  = "System. Data. SQLite"  Connectionstring  = "Data Source = | datadirectory | \ forummis. DB; version = 3 ;" />    </  Connectionstrings  > 

In the above configuration file, the ACCESS database uses the 2007 format, so provider = Microsoft. ace. oledb.12.0. If Access2000 is used, provider = Microsoft. jet. oledb.4.0 (not required for security reasons ).

The operation of the SQLite database is similar. An example of its encrypted string is as follows:Data Source=C: \ mydb. DB;Version=3;Password=Mypassword;.

By dynamically adding an encrypted string to the connection string, the first method for these databases deployed on the client is to improve security and the user cannot analyze the encryption type; the second is that the user's connection string is not disturbed and can be read normally. The third is that more modules and Code are not required for implementation.

The above is only one of the database word confidentiality mechanisms used by the winform development framework for your reference and correction.