"Static" Binding Application Configuration File in C #
This is a problem that I have been pondering and searching on the internet for months now.
In a particular szenario, I have an app on a network share that connects to a database to get some information. The connection string for the database is static, including the username and password to establish a read-only connection to the database. Obviously, the connection string cannot simply be stored as plain text, but must remain the same for all users running the application from different computers over the network.
And this is a nut that I have not been able to crack in a satisfactory manner:
All the tutorials I've found so far use a .net function assembly to protect the connection string section of the app.config file (e.g. RSAProtectedConfigurationProvider), which is great for custom scope encryption, but can't be used for the scenario described since the rsa container is generated for a specific user / computer, and thus only that one user / computer can read from the once encrypted configuration file - or am I skipping the point here?
My last attempt was to write some kind of convoluted method to create a static string inside the application, encrypt my connection string, and call it every time a database connection needs to be established. This does the job, but it's not very hard to hack, simply by decompiling the program, extracting the encryption / decryption method, applying it to the extracted connection string as well.
I was wondering if there is some technique to protect sensitive data such as connection strings inside the application scope, so it is only known to the application itself and is static for all users. But it cannot be extracted simply by decompiling the program.
Maybe I'm thinking about what's inside the wrong field here, but I find it rather obscure that it seems like there is no out-of-the-box solution for this quite often seeming problem.
Thanks in advance for sharing my mind with me!
source to share
It is for this reason that many architectures include a server application as an intermediary between the client application. Thus, the encrypted configuration uses the context of the user that the server application is running against (for example, with a web application that is managed by the ASP.NET application pool ID) so that client users do not have direct access to the configuration or database.
Intranet applications directly connected to the database
Your scenario is fairly common for intranet desktop applications, and since your client application accesses the database directly, the best approach is to use per user permissions at the database level. This can be accomplished using the built-in security connection string instead of using the SQL username / password. In SQL Server, you must map an Active Directory group to permissions, and anyone who will be using the application must add their AD user to the AD group. Typically, this is sufficient for small intranets, where users have some trust and responsibility for their actions.
This ensures that no one without authorization can grab a copy of the application and use the connection to make unauthorized queries against the database. If you are truly concerned about security, you should treat any permissions at the database level as if the user could use that permission.
For example, consider this: your application needs to remove permission on the Product table because it has code that removes one product when the product reaches any Inactive date. However, any user can use this connection to delete all the contents of a table, no matter what is programmed by your client application (of course, creating them would take some skill to create a tool to accomplish this, but this is usually a dumb moment when it comes to security).
This is the reason for the client-server architecture, because once you connect the server and the clients no longer connect directly to the database, you can be sure that the interaction with the database follows a specific behavior. When your client connects directly to the database, anyone using the client can find a way to use that connection with sufficient force and abuse the permissions.
source to share
You're right. It is impossible to protect your encrypted data 100% if you cannot keep the private encryption key 100%. Unfortunately, obfuscation or "shading protection" will remain your best option in this scenario.
Alternatively, you should decouple your general application from the database by creating a web service for your data tier, and make your application available to that service, not immediately after your DB. The easiest way to secure your web service is to enable Integrated Windows Authentication and ensure that your client application uses the default user credentials when accessing it using the credential cache. The implementation is trivial in .NET.
The web service script is also preferable for scalability and performance, especially if your client application instances have to run from different offices: it is highly impractical to make direct database calls over the WAN or the Internet, the protocol is extremely chatty. A web service that sits with your database is a much better solution, especially when using remote clients, as all calls are downgraded to one type of request traffic for each call. (Or perhaps two rounds when authentication is in play.)
source to share