Search:   Namespaces Discussions .NET v1.1 Feedback

MSN Messenger-like application and connection string Messages   Related Types This message was discovered on ASPFriends.com 'winforms-cs' list. Edward Tanguay I want to build an MSN-like application which people can download from my site and enter and view data from an online SQL Server Database. In order to do this, the SQL connection string must in the application on their machine. And I remember from my CLR course that IL decompiled and the connection string can be seen in plain text (oh my!). So I thought the best way would be to create a very secure and limited user for my database and have the app connect with that. Any other ideas? Thanks, Edward Tanguay www.tanguay.de _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com Reply to this message...        Scott Berry Deliver the data from a Web Service. That way, you don't need to give out the connection string. Note that the problem with putting the connection string directly into your app exists in unmanaged code, too.     -Scott This posting is provided "AS IS" with no warranties, and confers no rights. -----Original Message----- From: Edward Tanguay [mailto:Click here to reveal e-mail address]=20 Sent: Friday, May 10, 2002 9:15 AM To: winforms-cs Subject: [winforms-cs] MSN Messenger-like application and connection string I want to build an MSN-like application which people can download from my=20 site and enter and view data from an online SQL Server Database. In order to do this, the SQL connection string must in the application on=20 their machine. And I remember from my CLR course that IL decompiled and the=20 connection string can be seen in plain text (oh my!). So I thought the best way would be to create a very secure and limited user=20 for my database and have the app connect with that. Any other ideas? Thanks, Edward Tanguay www.tanguay.de _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com | [winforms-cs] member Click here to reveal e-mail address =3D YOUR ID | http://www.asplists.com/asplists/winforms-cs.asp =3D JOIN/QUIT Reply to this message...        Jeff Laughlin Well, like everything else in life you have a few options here.... A limited database role is certainly a great idea if all the app needs to do is read a bit of info from the db... I'd suggest doing this no matter what other steps you take... a limited privilege is a great first step in securing your app. You may wish to consider building the database call as a web service... so the app calls the web service which calls the database and pass back only the result to the app. You could build the data access section as just a standard web page then do some screen scraping in your app to grab the generated page and display the info in your app. Hope these ideas help out. Enjoy life. Jeff. -----Original Message----- From: Edward Tanguay [mailto:Click here to reveal e-mail address] Sent: May 10, 2002 12:15 PM To: winforms-cs Subject: [winforms-cs] MSN Messenger-like application and connection string I want to build an MSN-like application which people can download from my site and enter and view data from an online SQL Server Database. In order to do this, the SQL connection string must in the application on their machine. And I remember from my CLR course that IL decompiled and the connection string can be seen in plain text (oh my!). So I thought the best way would be to create a very secure and limited user for my database and have the app connect with that. Any other ideas? Thanks, Edward Tanguay www.tanguay.de _________________________________________________________________ Send and receive Hotmail on your mobile device: http://mobile.msn.com | [winforms-cs] member Click here to reveal e-mail address = YOUR ID | http://www.asplists.com/asplists/winforms-cs.asp = JOIN/QUIT Reply to this message...     Ad MBR BootFX Best-of-breed application framework for .NET projects, developed by Matthew Baxter-Reynolds and MBR IT

Copyright © Matthew Baxter-Reynolds 2001-2008. '.NET 247 Software Development Services' is a trading style of MBR IT Solutions Ltd. Contact Us - Terms of Use - Privacy Policy - www.dotnet247.com