Thread: How to deploy SECURE and PORTABLE application

Hi all,

I made (I think!) a portable app wherein the connection string is in a separate config file ([app].exe.config). So when changing values for the connection string, you dont have to compile the app, just change the value from the config file.

However, when you deploy the application to the client machine, you have to include the config file in you deployment project else, when you install the apps on the target machine, a 'ConnectionString property has not been initialized' error will be displayed. If the config file is to be distributed to every client, that will pose great security risk for the userid and password of your database plus the dataserver server name are encoded in the config file, they aren't encrypted.

Does somebody know a way how to distribute a portable yet secure application?

Thanks in advance,
Marivic

Hi hellswraith,

Thanks for replying but I'm afraid I didn't follow you.

My [app].exe.config is where I specify the connection string from my app to the database. Our database admin gave me a userid and a password for development purpose. However, when deploying, our db admin just needs to change the value from the config file to connect to the production db server without compiling the application. That's the scenario.

Can you kindly explain further your suggestion. This is my first time developing and deploying VB.Net apps.

Thanks again,
Marivic

i think he means that when a user starts your app, he/she is prompted with a login screen: username, password are entered and the program uses this username and password in the db connection string...

Ok. But how about the the db server name? I think that's also needed to connect to the database.