Posts Tagged ‘ connectionstring ’

How to save the database connectionstring

Probably you asked yourself how to store the connectionstring of your database.
There are a few possibilities, you could write it in the registry or just simply create a .xml file which contains the connectionstring.

But this would be a security hole because everybody could just read the connection string and extract username + password.
In order to avoid that it is important to encrypt the connectionstring.

Here you see the class I programmed for this scenario

public class Util
{
  public static void SaveDataToXML(string path, object data)
  {
    XmlSerializer serializer = new XmlSerializer(data.GetType());
    using (StreamWriter writer = File.CreateText(path))
    {
      serializer.Serialize(writer, data);
    }
  }

  public static object ReadDataFromXML(string path, Type type)
  {
    XmlSerializer serializer = new XmlSerializer(type);
    using (StreamReader reader = File.OpenText(path))
    {
       return (object)serializer.Deserialize(reader);
    }
  }

  public static string base64Encode(string data)
  {
    byte[] encData_byte = new byte[data.Length];
    encData_byte = System.Text.Encoding.UTF8.GetBytes(data);
    string encodedData = Convert.ToBase64String(encData_byte);
    return encodedData;
  }

  public static string base64Decode(string data)
  {
    System.Text.UTF8Encoding encoder = new System.Text.UTF8Encoding();
    System.Text.Decoder utf8Decode = encoder.GetDecoder();
    byte[] todecode_byte = Convert.FromBase64String(data);
    int charCount = utf8Decode.GetCharCount(todecode_byte, 0, todecode_byte.Length);
    char[] decoded_char = new char[charCount];
    utf8Decode.GetChars(todecode_byte, 0, todecode_byte.Length, decoded_char, 0);
    string result = new String(decoded_char);
    return result;
  }
}

public class DatabaseSettings
{
  public string Server { get; set; }
  public string Database { get; set; }
  public string Username { get; set; }
  public string Password { get; set; }

  public string ConnectionString
  {
    get
    {
      return string.Format(@"Data Source={0};Initial Catalog={1};Persist Security Info=True;User ID={2};Password={3}", Server, Database, Username, Password);
    }
  }

  public void SetDatabaseSettings(string server, string database, string username, string password)
  {
    Server = server;
    Database = database;
    Username = username;
    Password = password;
  }

  public void ReadFromFile(string path)
  {
    DatabaseSettings settings = Util.ReadDataFromXML(path, typeof(DatabaseSettings)) as DatabaseSettings;
    if (settings != null)
    {
       settings.Server = Util.base64Decode(settings.Server);
       settings.Database = Util.base64Decode(settings.Database);
       settings.Username = Util.base64Decode(settings.Username);
       settings.Password = Util.base64Decode(settings.Password);
    }
  }

  public void SaveToFile(string path)
  {
    Util.SaveDataToXML(path, this);
  }
}
Advertisements