I am using a TableAdapter in a dataset in Vb.net winforms (connected to a mysql server) to allow integration of a Devexpress scheduler - I have been using this method for some time; while I know of many of the security flaws of vb.net including decompiling and packet sniffing plain text communication; I am trying to lock down security as much as I can which brings me to my current problem.
The dataset was set up to connect using the .net framework data provider for mysql which requests a Server address, username, password, and DB file - I then get the option of "saving the login credentials in the connection string" or "setting the login credentials in my programming code" for sake of time previously I saved the login credentials.
this adds a setting file (connectionstring)
server=mysqlserveraddress.com;user id=mysqluser;password=mysqlpassword;database=mysqldb;persistsecurityinfo=True
which also means these credentials are saved in plain text in the installation folder for my program
I am trying to transition to including this connectionstring in my programming code however I do not know how to approach it - for non-dataset transactions I have already declared public const in a module which includes the credentials
'database variables
Public Const dbserver As String = "mysqlserveraddress.com"
Public Const dbuser As String = "mysqluser"
Public Const dbpassw As String = "mysqlpassword"
Public Const dbfile As String = "mysqldb"
and I create the connections when needed.
How do I programmatically enter the connection string so it is not visible to the lay-person.
Aucun commentaire:
Enregistrer un commentaire