C# & SQL Server Authentication

Posted by Peter on Stack Overflow
Published on 2010-05-26T20:53:26Z Indexed on 2010/05/26 21:21 UTC


Hello,

I'm currently developing a C# app with an SQL Server DB back-end. I'm approaching the point of deployment and hitting a problem. The application will be deployed within an Active Directory network. As far as SQL authentication goes, I understand that I have 2 options - Windows Authentication or Server Authentication.

If I use Server Authentication, I'm concerned that the username and password for the account will be stored in plain text in the app.config file, and therefore leave the database vulnerable.

Using Windows Authentication will avoid this issue, however it would mean giving every member of staff within our organisation read/write access to the database in order to run the app correctly. Whilst this is ok, it also means that they can easily connect to the database themselves via other means and directly alter the data outside of the app.

I'm guessing there is something really obvious I'm missing here, but I've been googling all evening to no avail. Any advice/guidance would be much appreciated!

Peter


Addition - my project is Windows Form based not ASP.NET - is encrypting the app.config file still the right answer? If it is, does anyone have any examples that are not ASP.NET based?

© Stack Overflow or respective owner
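
The app.config encryption the question asks about, for a Windows Forms (non-ASP.NET) executable, as an added example that is not part of the original post. It uses the .NET Framework `System.Configuration` protected-configuration API with the built-in DPAPI provider; the connection string name `AppDb` is a hypothetical placeholder.

```csharp
// Added example, not from the original post.
// Requires a project reference to System.Configuration.dll (.NET Framework).
using System;
using System.Configuration;

static class ConfigProtector
{
    // Built-in protected-configuration provider backed by Windows DPAPI.
    const string Provider = "DataProtectionConfigurationProvider";

    // Encrypts the <connectionStrings> section of <exe>.config in place.
    // Returns true if the file was changed, false if nothing was done.
    public static bool ProtectConnectionStrings()
    {
        Configuration config =
            ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
        ConfigurationSection section = config.GetSection("connectionStrings");

        if (section == null
            || section.SectionInformation.IsProtected   // already encrypted
            || section.ElementInformation.IsLocked)     // locked by a parent config
            return false;

        section.SectionInformation.ProtectSection(Provider);
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);    // needs write access to the file
        ConfigurationManager.RefreshSection("connectionStrings");
        return true;
    }

    static void Main()
    {
        Console.WriteLine(ProtectConnectionStrings()
            ? "connectionStrings encrypted"
            : "nothing to do");

        // Reads are decrypted transparently; calling code does not change.
        // "AppDb" is a hypothetical connection string name.
        ConnectionStringSettings cs = ConfigurationManager.ConnectionStrings["AppDb"];
        Console.WriteLine(cs == null ? "AppDb not configured" : "AppDb loaded");
    }
}
```

With this provider's default machine-level DPAPI protection, the encrypted section only decrypts on the computer where it was protected, so the step has to run on each workstation (for example at install time). It keeps the password out of plain text in the file, but code running on that same machine can still ask DPAPI to decrypt it.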
