1

I'm a fairly new developer and am currently working on a C# program that connects to a MYSQL Server with the following Code:

    class MySql
{
    private MySqlConnection connection;
    private string server;
    private string database;
    private string uid;
    private string password;

    //Constructor
    public MySql()
    {
        Initialize();
    }

    //Initialize values
    private void Initialize()
    {
        server = "mydomain.com";
        database = "dbName";
        uid = "Username";
        password = "Password";
        string connectionString;
        connectionString = "SERVER=" + server + ";" + "DATABASE=" +
        database + ";" + "UID=" + uid + ";" + "PASSWORD=" + password + ";";

        connection = new MySqlConnection(connectionString);
    }

    //open connection to database
    private bool OpenConnection()
    {
        try
        {
            connection.Open();
            return true;
        }
        catch (MySqlException ex)
        {
            //When handling errors, you can your application's response based 
            //on the error number.
            //The two most common error numbers when connecting are as follows:
            //0: Cannot connect to server.
            //1045: Invalid user name and/or password.
            switch (ex.Number)
            {
                case 0:
                    MessageBox.Show("Cannot connect to server.  Contact administrator");
                    break;

                case 1045:
                    MessageBox.Show("Invalid username/password, please try again");
                    break;
            }
            return false;
        }
    }

    //Close connection
    private bool CloseConnection()
    {
        try
        {
            connection.Close();
            return true;
        }
        catch (MySqlException ex)
        {
            MessageBox.Show(ex.Message);
            return false;
        }
    }

Now I'm not quite sure how to securly save the server logins. As you see, in my code, domain, username and Password are just openly in the code.

And as far as I know, that shouldn't be that way.

How can I correct that? Or is it save to store it like that? Thanks!

Timothy Lukas H.
  • 684
  • 2
  • 9
  • 19
  • You can store db logins inside the config file and use `ConfigurationManager` to read those values out of the config. If you are using .net-core, you can store them in the `appsettings.json` file and read them out of there. It may also help if you encrypt your user name and password strings and then decrypt them in your application. – Ryan Wilson Nov 01 '18 at 19:33
  • @Timothy Are you distributing copies this application to users? Or is it a server hosted application? – AaronLS Nov 01 '18 at 19:36
  • @Icemanind Thank you for the answer, but the username and passwort is not for the user, but to connect to my database in the first place. – Timothy Lukas H. Nov 01 '18 at 19:37
  • @AaronLS I mainly plan to use it by myself locally. So not web-based. – Timothy Lukas H. Nov 01 '18 at 19:38
  • @RyanWilson Thank you, will try that! – Timothy Lukas H. Nov 01 '18 at 19:38
  • @TimothyLukasH. No problem. I think Gabriel's answer below will help you as it has a link to how to encrypt the config file. – Ryan Wilson Nov 01 '18 at 19:40
  • @RyanWilson Yes, I will try it imidetly. Thank you for answering too! – Timothy Lukas H. Nov 01 '18 at 19:41

1 Answers1

1

In .NET, connection strings are normally stored in the .config file for the application (web.config for ASP.NET, app.config for desktop). An example of a MySQL connection string in a config file would look something like this:

<connectionStrings>  
  <add name="MySqlConnectionString"
   providerName="MySql.Data.MySqlClient"
   connectionString="server=127.0.0.1;uid=root;password=bpdash;database=sample" />
</connectionStrings>

Then there are supported methods of encrypting that section of the config file. Both using connection strings and encrypting them are discussed in this Microsoft article: Connection Strings and Configuration Files

Gabriel Luci
  • 38,328
  • 4
  • 55
  • 84