Connectionstrings: Write to app.config or windows registry?

Asked

Viewed 380 times

0

My question relates to what is the best way to maintain the ConnectionString of my system on disk to be read as needed, ie what is the best way to do this by writing it to the file app.config, or recording on registration of Windows?

What are the advantages and disadvantages of each?

Note: I created it DLLs that encrypt my ConnectionString, and I’m working on two DLLs that will assist me in connecting to the database, but I need to know which place to record the ConnectionString already encrypted, where is more secure, etc.

Anyway, it’s a seemingly silly question, but it made me curious. Today I’m doing based on registration of Windows, but again, I would like to cast doubt on which is better.

1 answer

5


The fewer setup points you have, the less complex your code will be and the easier it will be to install and maintain the application. So you’ll probably have more stuff than the connection string in your app.config, distribute it, or create encryption classes only increases complexity, having to keep two separate places for maintenance. Another thing, the windows registry is a relatively delicate location, you shouldn’t have to worry about it when le connection string, nor when backing up your production environment settings, just copy a text file (encrypted or not).

If you implement publishing strategies like Seamless Integration or Seamless Delivery, you can see very clearly the advantage this represents in making a new version available. Since publishing a version should be something simple and routine.

This is well discussed here: https://stackoverflow.com/questions/5803188/encrypting-connectionstrings-section-utility-for-app-config (english).

If you don’t want to use the strategy discussed there, you can simply use the encryption tools. net to generate the encrypted string and store it in an app.config key doing so in your installer and using some reversible encryption algorithm. You don’t need to implement this, the . net implements these features since version 2.0 of the framework, just configure the . config with a protected session and change your code to something like:

static void ToggleConfigEncryption(string exeConfigName)
{
    // Takes the executable file name without the
    // .config extension.
    try
    {
        // Open the configuration file and retrieve 
        // the connectionStrings section.
        Configuration config = ConfigurationManager.
            OpenExeConfiguration(exeConfigName);

        ConnectionStringsSection section =
            config.GetSection("connectionStrings")
            as ConnectionStringsSection;

        if (section.SectionInformation.IsProtected)
        {
            // Remove encryption.
            section.SectionInformation.UnprotectSection();
        }
        else
        {
            // Encrypt the section.
            section.SectionInformation.ProtectSection(
                "DataProtectionConfigurationProvider");
        }
        // Save the current configuration.
        config.Save();

        Console.WriteLine("Protected={0}",
            section.SectionInformation.IsProtected);
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }
}

You can read the detailed instructions (documentation) on how to do this here: https://msdn.microsoft.com/en-us/library/ms254494(v=vs.100). aspx? Cs-save-lang=1&Cs-lang=csharp#code-snippet-4

Browser other questions tagged

You are not signed in. Login or sign up in order to post.