
Don Xml's Grok This

The home of Don Demsak

DonXml's All Things Techie

N3UG – Encrypted Connection Strings Presentation

Last night, at the North New Jersey .Net User Group (N3UG), I gave a presentation on my Encrypted Connection Strings project, which has been a GotDotNet user sample since last summer. It is a pretty simple project, which you will not need once Whidbey is released, but it is great for those new to .Net (which is a good part of this user group, since the majority of attendees are students in the host company's (SetFocus) .Net class). Instead of just writing the code during the presentation (a skill that I haven’t mastered), I was going to do the next best thing and walk the folks thru the design by building a UML sequence diagram of the different usage scenarios. But during the short PowerPoint presentation, I noticed more than a few glazed looks, and figured that this was not the place for UML.

So I chickened out and dropped back to walking thru the code. Not really something I wanted to do, but I know I would have lost a good deal of the people I wanted to get thru to. You know, I really like using whiteboards to create informal diagrams to explain systems, and I really haven’t found the equivalent version for a PC. Because all projectors are not high resolution machines, things can tend to look bad on a projector, when they look great on a laptop, so things like Visio are pretty poor as a whiteboard replacement. Now, if I could combine a TabletPC with a cross between OneNote and Visio, that would be a cool app to do presentations with.

Published Wednesday, May 12, 2004 12:01 PM by donxml

Comments

Richard Hsu said:

Hi,

I downloaded and looked at the project.

I am a newbie at this cryptography stuff so I am not challenging you or anything, I just want to learn.

What I wonder is how it conceals the connection string. The connection string will at some point be needed, and a decompiler will show that, or someone can use your objects to undecrypt the string.

Regards,
Richard.
May 13, 2004 6:57 AM

DonXML Demcsak said:

Yes, you are correct, encrypting the connection strings does not make it impossible to get the info back, just harder. Since you have to get the info back to its original form, you need symmetric encryption. The key to symmetric encryption is keeping the salt (the IV) and the key protected (since that is the only way to get the info back). There are lots of different ways to do this, some more secure than others, and you will have to pick the solution best for your situation. Since my goal was to keep the wandering eyes of network admins from finding the info in the connection string, we just embedded the IV and the key in the code. Is this totally secure? No, but it keeps people from making changes to the connection string (you need to use the connection string builder to update it) and hides the information from people who would have access to the machine, but should not know the database information.

Oh, the next version of .Net implements this in a similar manner, but just for ASP.Net.

You can use the Configuration Application Block instead of my example, but it is a generic solution for config files, and not specific to connection strings (it doesn't have any of the rules for building database specific connection strings, which this project does have). I guess you could combine some of this code with the Config Block code and make my stuff a bit more flexible. Might be a good project for someone.
May 13, 2004 7:25 AM
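
The trade-off discussed in the two comments above, as an added example that is not code from the Encrypted Connection Strings project or from either commenter: the same AES routine used once with a key compiled into the assembly and once with a key held outside it. The class name, key bytes and connection string are hypothetical or constructed; it assumes .NET 6 or later and, unlike the embedded-IV approach described above, generates a random IV per value and stores it with the ciphertext.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;
// Hypothetical helper for illustration; AES-CBC via the Aes.Create() defaults.
static class ConnStringProtector
{
    // Key compiled into the assembly (constructed sample value): a decompiler shows it.
    public static readonly byte[] EmbeddedKey = Convert.FromHexString(
        "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F");
    // Encrypts with a fresh random IV and stores the IV in front of the ciphertext.
    public static string Encrypt(string connStr, byte[] key)
    {
        using Aes aes = Aes.Create();
        aes.Key = key;
        aes.GenerateIV();
        byte[] iv = aes.IV;
        byte[] plain = Encoding.UTF8.GetBytes(connStr);
        using ICryptoTransform enc = aes.CreateEncryptor();
        byte[] ct = enc.TransformFinalBlock(plain, 0, plain.Length);
        byte[] blob = new byte[iv.Length + ct.Length];
        Buffer.BlockCopy(iv, 0, blob, 0, iv.Length);
        Buffer.BlockCopy(ct, 0, blob, iv.Length, ct.Length);
        return Convert.ToBase64String(blob);
    }
    // Splits the stored IV from the ciphertext and decrypts with the supplied key.
    public static string Decrypt(string protectedValue, byte[] key)
    {
        byte[] blob = Convert.FromBase64String(protectedValue);
        using Aes aes = Aes.Create();
        aes.Key = key;
        byte[] iv = new byte[aes.BlockSize / 8];
        Buffer.BlockCopy(blob, 0, iv, 0, iv.Length);
        aes.IV = iv;
        using ICryptoTransform dec = aes.CreateDecryptor();
        byte[] plain = dec.TransformFinalBlock(blob, iv.Length, blob.Length - iv.Length);
        return Encoding.UTF8.GetString(plain);
    }
    static void Main()
    {
        const string sample = "Server=db01;Database=Orders;User Id=app;Password=example"; // constructed
        // Embedded key: the config value is unreadable, but the binary alone recovers it.
        Console.WriteLine(Decrypt(Encrypt(sample, EmbeddedKey), EmbeddedKey) == sample);
        // Stand-in for a key loaded from an access-controlled store outside the assembly.
        byte[] externalKey = RandomNumberGenerator.GetBytes(32);
        bool recovered = false;
        try { recovered = Decrypt(Encrypt(sample, externalKey), EmbeddedKey) == sample; }
        catch (CryptographicException) { } // the padding check normally rejects a wrong key
        Console.WriteLine(recovered);
    }
}
```

CBC alone gives no integrity protection, so a stored value can be altered without detection unless a MAC or an authenticated mode is added.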

Richard Hsu said:

hey Don,

Thank you for your explanation. I'll definitely look into your suggestions. Thank you for your time.
May 14, 2004 2:14 AM


About donxml

I’m an independent consultant, specializing in .Net solutions architecture, based out of New Jersey who also doubles as an evangelist for XML, Domain Driven Design, enterprise architecture and .Net. I do not work for Microsoft, the W3C or any other big company that you may know of (at least not yet). I’ve been an indie for over ten years, and although I’ve been tempted a couple times to take a job with companies like Microsoft, I haven’t found something better than my current situation. I work mostly with the large pharmaceuticals that are based here in New Jersey, and usually find myself on long term contracts. Definitely not the prototypical indie consultant, but it lets me dedicate time to my non-income generating activities like the developer community stuff, plus financing open source projects like XPathmania and MVP-XML. If you would like to talk to me about doing some contract work, just contact me via the contact page. My rates vary widely, depending on lots of different variables, but mostly distance from Jersey, and type of work. Plus, I’ve been known to donate some of my code for various projects.