How to deploy SECURE and PORTABLE application

Printable View

Dec 4th, 2002, 03:01 AM
Marivic

How to deploy SECURE and PORTABLE application

Hi all,

I made (I think!) a portable app wherein the connection string is in a separate config file ([app].exe.config). So when changing values for the connection string, you dont have to compile the app, just change the value from the config file.

However, when you deploy the application to the client machine, you have to include the config file in you deployment project else, when you install the apps on the target machine, a 'ConnectionString property has not been initialized' error will be displayed. If the config file is to be distributed to every client, that will pose great security risk for the userid and password of your database plus the dataserver server name are encoded in the config file, they aren't encrypted.

Does somebody know a way how to distribute a portable yet secure application?

Thanks in advance,
Marivic
Dec 4th, 2002, 03:22 AM
hellswraith

Create user roles in your database.

Have everyone that is using the app login (when using the app). Your app will send the logon information to the DB when it builds its connection string. This makes it to where you don't even have to distribute a userid and password with your application. You can use the windows logon so they don't even need to type anything into your app, your app will just know.

You will have to decide if the database is that important for you to protect it that much, or whether your current configuration is suitable.
Dec 4th, 2002, 04:00 AM
Marivic

Hi hellswraith,

Thanks for replying but I'm afraid I didn't follow you.

My [app].exe.config is where I specify the connection string from my app to the database. Our database admin gave me a userid and a password for development purpose. However, when deploying, our db admin just needs to change the value from the config file to connect to the production db server without compiling the application. That's the scenario.

Can you kindly explain further your suggestion. This is my first time developing and deploying VB.Net apps.

Thanks again,
Marivic
Dec 4th, 2002, 04:10 AM
nightshift

i think he means that when a user starts your app, he/she is prompted with a login screen: username, password are entered and the program uses this username and password in the db connection string...
Dec 4th, 2002, 04:22 AM
Marivic

Ok. But how about the the db server name? I think that's also needed to connect to the database.