Suddenly a need for dynamic server information

jwcoleman87

Well-known member
Joined
Oct 4, 2014
Messages
124
Programming Experience
Beginner
So right now the connection information for the database server my application runs off of is embedded into the code. I knew from the beginning that this was a very temporal way of working it and now the time has come that there may be a demand for my application in other parts of the country (exciting!). I'm not really sure where to begin when it comes to managing server information in a very secure way. I know that I can possibly use an INI file for server information and printer setups. My question is how should I handle the actual security information, should I leave it embedded in the code, or is there a better way? Currently we are using SQL authentication, we decided this would be easier to manage as there was one login, which we could set up permissions for. Windows authentication didn't seem like a good idea as there would be possibly up to a hundred users, all needing their permissions managed (bleh).

Any suggestions, tips, resources, links on where to start?
 
You wouldn't use an INI file. .NET has a configuration built in so you would use that. It even has the ability to encrypt the information in config file for security. If you add application settings on the Settings page of the project properties then they will be stored in the config file by default. If you use a tool to create data access objects then the connection string will be stored in the config file by default. There is loads of information that is understood automatically by the .NET Framework that can be added to the config file and it also allows you to store your own custom information there too.

I would suggest that you read about configuration at MSDN to begin with and branch out from there as you realise what other things you need to learn. With the security aspect in mind, check this out too:

Protected Configuration (Encrypting Config Files)
 
Back
Top