-
Jun 1st, 2006, 07:47 AM
#1
Thread Starter
Banned
store conn string in ???
Simple question...
I need to store a constant kind of like a connection string / or a file path in vb.net. In asp.net I usually store these in the web.config file. Then in aspx when I need the value I simply do:
ConfigurationSettings.AppSettings("NameOfMyTag")
to get the value I need. How would I do this in vb.net ? Do I store it in the assemblyinfo file ?
-
Jun 1st, 2006, 08:16 AM
#2
Hyperactive Member
Re: store conn string in ???
You have something similar available in vb.Net.
The xml file named applicationname.Exe.Config will reside where your exe exists and you can use System.Configuration.ConfigurationSettings.AppSettings to read the data within.
-
Jun 1st, 2006, 08:47 AM
#3
Fanatic Member
Re: store conn string in ???
If you are using 2005, you have the new My namespace. You can add the values to the Settings.settings file and then reference them with My.Settings.ConnectionString, etc.
-
Jun 1st, 2006, 08:53 AM
#4
Thread Starter
Banned
Re: store conn string in ???
I am using vs.net 2003 there is no xml that I see. My exe is inside the bin folder and the only file with it has a .pdb extension.
-
Jun 1st, 2006, 09:01 AM
#5
Hyperactive Member
Re: store conn string in ???
Select Add Item and then select "XML File". Make you sure you name the new file "App.Config". The item will be placed in your project directory. But now, when you build the application, Vb.NET will automatically copy the file with the appropriate name to where it's supposed to be (your debug or release directory).
-
Jun 1st, 2006, 09:04 AM
#6
Re: store conn string in ???
Add a config file to your project the same way you add any other file type. Alternatively, if you create a connection in the designer you can open the DynamicProperties section of the properties window and bind the ConnectionString to an entry in the config file there, which will automatically create a config file.
-
Jun 1st, 2006, 09:33 AM
#7
Thread Starter
Banned
Re: store conn string in ???
Originally Posted by Bananafish
Select Add Item and then select "XML File". Make you sure you name the new file "App.Config". The item will be placed in your project directory. But now, when you build the application, Vb.NET will automatically copy the file with the appropriate name to where it's supposed to be (your debug or release directory).
Can you give me a sample line item inside of this file...and how to call it.
Like a constant...
-
Jun 1st, 2006, 09:51 AM
#8
Re: store conn string in ???
In the config file,
<configuration>
<appSettings>
<add key="ConnectionString" value="......." />
...
To access it,
System.Configuration.ConfigurationSettings.AppSettings ("ConnectionString")
-
Jun 1st, 2006, 10:02 AM
#9
Frenzied Member
-
Jun 1st, 2006, 10:15 AM
#10
Re: store conn string in ???
Originally Posted by MrGTI
A database connection string stored in plain sight? That's not a security risk.
Yeah, it's insecure and the user has direct access to it. One could choose to encrypt the string before placing it in the config file, and decrypt it just before the code needs to use it.
-
Jun 1st, 2006, 10:25 AM
#11
Thread Starter
Banned
Re: store conn string in ???
It would not be insecure in a web app, since the config file sits on the server.
-
Jun 1st, 2006, 10:26 AM
#12
Thread Starter
Banned
Re: store conn string in ???
Originally Posted by MrGTI
A database connection string stored in plain sight? That's not a security risk.
Maybe for app.config, Ive never had to write a vb.net with db app...
but for a web.config asp.net application how is it insecure ?
-
Jun 1st, 2006, 10:44 AM
#13
Re: store conn string in ???
Originally Posted by JAKSupport
It would not be insecure in a web app, since the config file sits on the server.
It's more secure than in the case of winforms.
Unless a hacker gets direct control of the server itself. Otherwise the HttpModules for ASP.NET handle requests for web.config and call it 'unauthorized'.
-
Jun 1st, 2006, 01:40 PM
#14
Frenzied Member
Re: store conn string in ???
There are many ways a webserver could be vulnerable.
Besides the obvious idea of a hacker getting onto the machine, there’s many other ways. Maybe the server is backed up each night, and the backups are stored on another machine. Maybe someone makes a copy of that backup, and then restores it to their personal machine. Then they can browse your files with all the time in the world, and locate your easily visible database connection string.
Keep that info as tightly guarded as possible!
~Peter
-
Jun 1st, 2006, 05:19 PM
#15
Re: store conn string in ???
.NET 2.0 adds explicit support for config file encryption and on-the-fly decryption. Just one more improvement to add to the list.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|