Results 1 to 16 of 16

Thread: How to secure a connection string

  1. #1

    Thread Starter
    Hyperactive Member
    Join Date
    Oct 2005
    Posts
    386

    How to secure a connection string

    I've sort of asked this question several times but never really had a satisfactory answer so I thought I'd try again.

    I've got an online database that contains information. It interfaces with the public - that's all working fine.

    I've got a customer's office with a local database. If I was designing this from scratch I'd just have the local office use the on-line database directly but that would be a ton of work.

    Rather I want to make a program that runs at boot-up time on one specific terminal in the office to query the online database and populate the local database.

    The local program will connect to the online database using a connection string (obviously).

    The connection string must contain the password and user login information. I want to store that string in an encrypted file on the local hard drive.

    I have access to AES encryption routines and HASH and all the rest so I'm not looking for code. Just a conceptual method for securing the connection string.

    The password to decrypt the for that encrypted file containing the connection string must be stored somewhere.

    I could store the password inside a users head but I don't know for sure who is going to come in that day and I don't want to distribute the password to lots of people. I'd rather they just turn on the computer, boot up the program and let it do the rest.

    So I need to store the password somewhere safe for a program to access when it boots up. For example, as a text string inside the program.

    But then I have to hard code a password which I don't want to do. Plus people can open up and extract a password from a program and use that to decrypt the local file and then they will have access to the on-line database. Which I don't want.

    So... long set-up for a simple question. How do you secure a connection string for an unattended program?

    Any assistance appreciated. Thanks in advance.

  2. #2
    PowerPoster
    Join Date
    Feb 2017
    Posts
    2,246

    Re: How to secure a connection string

    Another encrypted file to store the password for the first encrypted file.
    You'll need another program to generate this file when you want to change the password.

  3. #3

    Thread Starter
    Hyperactive Member
    Join Date
    Oct 2005
    Posts
    386

    Re: How to secure a connection string

    Quote Originally Posted by Eduardo- View Post
    Another encrypted file to store the password for the first encrypted file.
    You'll need another program to generate this file when you want to change the password.
    Sure but now the program needs a password to open the 2nd encrypted file that holds the password to the first encrypted file. And where would it store that password? Perhaps in a 3rd encrypted file. And the password for THAT file? In a 4th and so on.

    Eventually somehow the program needs a way to securely store and retrieve a password that it doesn't get from a human being.

  4. #4
    PowerPoster
    Join Date
    Feb 2006
    Posts
    21,031

    Re: How to secure a connection string


  5. #5
    PowerPoster
    Join Date
    Feb 2017
    Posts
    2,246

    Re: How to secure a connection string

    Your concern is then that someone could hack the program?
    You are out of luck then, if the password is somewhere in the machine, and the program is able to access it, so is a hacker.

    You only can make it more difficult, but not to avoid it securely.

    First measure: do not put the password in a string constant. Generate it by code with Chr$(n) & Chr$(n) and then make something confusing and add another character.
    Or something like that.
    It is "security" by obscurity. It is not too good, but the only thing you can do.

    Who is going to access that machine anyway?

    Another approach:

    Save the encrypted file in a pendrive that you give to any employee that needs to start the machine.
    They go to work and have to plug pendrive.

    The problem is that they can forget the pendrive at home.

    Or you could keep the pendrive in a "secret" place in the office. They come, go to get the pendrive, plug it, start the machine, and then save the pendrive again.

    That last idea seems good to me.

    PS: you need to understand that sometimes more security means more inconveniences (more steps and things to do). And that total security doesn't exist.

    PS2: in my previous post I thought that your concern was being able to change the password without having to recompile your program, perhaps that wasn't your concern after all.
    If your concern is that a hacker disasemble your program and get the main password stored in it, then I'll go for the pendrive option.
    Anyway if someone installs a program that automatically copy the pendrive content and emails it, you would be screwed.
    Security is difficul. First security measure is who can touch the machine.
    Last edited by Eduardo-; Jun 27th, 2020 at 05:59 PM.

  6. #6
    PowerPoster
    Join Date
    Feb 2006
    Posts
    21,031

    Re: How to secure a connection string

    Have you considered steganography?

    Doesn't help a lot if they can reverse engineer your code, but an image might not be the sort of place they'd probe too deeply otherwise.

  7. #7
    PowerPoster
    Join Date
    Feb 2017
    Posts
    2,246

    Re: How to secure a connection string

    If you go with steganography, it would be better if the image has also some purpose in the program, so it is not suspicious that the program reads that file, and second, do not decrypt the password just before conecting the database, decrypt it after loading the image, but in other part of the program, for example at startup. And store it obfuscated and half in one variable and half in another. Then join and deofuscate it before conecting to the database.

  8. #8
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    855

    Re: How to secure a connection string

    See:
    http://www.vbforums.com/showthread.p...ple-Encryption

    A password stored using this technique can only be decrypted on the machine that encrypted it.

    J.A. Coutts

  9. #9
    Frenzied Member wqweto's Avatar
    Join Date
    May 2011
    Posts
    2,018

    Re: How to secure a connection string

    Quote Originally Posted by Darkbob View Post
    I want to store that string in an encrypted file on the local hard drive.
    Just secure the file (don't even encrypt it) and give read permissions to a local security group called Database Sync Group -- no other permissions, no other groups, no local system, no inheritance in the permissions dialog.

    Add users that have to able to run the application to this local group. Instrument your application to bomb with "You don't have permissions to run me" for every other user.

    Quote Originally Posted by Darkbob View Post
    a program that runs at boot-up time on one specific terminal in the office. . .
    If this is unattended application (e.g. service or scheduled task) then setup the security context it's run under to use a user rom the Database Sync Group.

    This is *the* Windows sysadmin way to do it. On Linux you would use a predefined environment variable with the password (e.g. _MY_APP_PWD=s3cr3t)

    cheers,
    </wqw>

  10. #10
    PowerPoster
    Join Date
    Feb 2006
    Posts
    21,031

    Re: How to secure a connection string

    Quote Originally Posted by wqweto View Post
    Add users that have to able to run the application
    What makes you think those aren't exactly the black hats he wants to defend against? "Admin" types are among the least trustworthy users I've encountered. A "rules are for other people" mentality is rampant among them.

  11. #11
    Frenzied Member wqweto's Avatar
    Join Date
    May 2011
    Posts
    2,018

    Re: How to secure a connection string

    Quote Originally Posted by dilettante View Post
    What makes you think those aren't exactly the black hats he wants to defend against? "Admin" types are among the least trustworthy users I've encountered. A "rules are for other people" mentality is rampant among them.
    Admin users can sniff outbound network traffic and dump process address space too.

    Besides OP considered distributing the password in cleartext to the same group of people so it's not clear what is the purpose of the whole excercise indeed.

    cheers,
    </wqw>

  12. #12
    PowerPoster
    Join Date
    Feb 2006
    Posts
    21,031

    Re: How to secure a connection string

    If the password is sent to users or admins for entry then DPAPI does seem to be the answer. That's what it is for after all.

  13. #13
    Frenzied Member wqweto's Avatar
    Join Date
    May 2011
    Posts
    2,018

    Re: How to secure a connection string

    Rereading the question

    > How do you secure a connection string for an unattended program?

    . . . it seems there is an unattended program after all.

    > The local program will connect to the online database using a connection string (obviously).

    Not so obvious. I would never do that. I would prefer to expose a public API for this purpose explicitly, not the raw database.

    But DPAPI can do the trick of securing the connect string it seems. Another option would be to use AES (in whatever mode) with key derived from current user SID to emulate DPAPI (if the OS provided API not working on XP for instance).

    DPAPI cannot guard the connect string against well motivated admin user though.

    cheers,
    </wqw>

  14. #14

    Thread Starter
    Hyperactive Member
    Join Date
    Oct 2005
    Posts
    386

    Re: How to secure a connection string

    Quote Originally Posted by couttsj View Post
    See:
    http://www.vbforums.com/showthread.p...ple-Encryption

    A password stored using this technique can only be decrypted on the machine that encrypted it.

    J.A. Coutts
    Thanks for this. Probably the ideal solution for my purposes. The only issue is that the encrypted string resides in memory or as a blob or whatever. It displays on the screen but saving the encrypted string to disk and then reading it back in and decrypting it is beyond my skill level. Otherwise it would be perfect.

  15. #15
    PowerPoster
    Join Date
    Feb 2006
    Posts
    21,031

    Re: How to secure a connection string

    http://www.vbforums.com/showthread.p...=1#post5409345

    Seems like you had started that thread earlier.

  16. #16
    Fanatic Member
    Join Date
    Dec 2012
    Posts
    855

    Re: How to secure a connection string

    Quote Originally Posted by Darkbob View Post
    Thanks for this. Probably the ideal solution for my purposes. The only issue is that the encrypted string resides in memory or as a blob or whatever. It displays on the screen but saving the encrypted string to disk and then reading it back in and decrypting it is beyond my skill level. Otherwise it would be perfect.
    The password does not have to be stored to disk. I personally would use the registry.

    Are you are in control of both ends, and does the server use TLS (HTTPS)? If so, the password would be stored on the server using this technique, and is the only one that can decrypt it. The client would save the same password using the same technique. When connecting, the Client would decrypt the stored password and send it to the server using TLS to protect it. The server would automatically decrypt it using TLS and compare it to the decrypted stored password. If it compares, the database would be sent.

    This all assumes that the technique works on the server, which I have not tested.

    J.A. Coutts

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width