Connection strings - securing/protecting

Discussion in 'Site Programming, Development and Design' started by erniethomason, Feb 23, 2021.

  1. I will be using C#'s SqlConnection to connect to SQL Server. I will need connection strings, and I don't want to include passwords in my source code. In Microsoft Azure, you can save a connection string within, and the app will automatically pick it up.

    1) For connecting to a Winhost SQL Server, what's a good and simple approach?

    2) I was originally interested in connecting to Azure SQL Server and other data (BLOBs, Tables) on Azure, directly from Winhost code. But I'd need to keep my password secure, both in rest and during any inital connect across the internet. It sounds dangerious. Is that true? I'm curious if someone would say, "ah, do it. no problem with security". But my guess is I shouldn't even bother looking into it. A work around would be to make API calls over https and keep all data access code in Azure.

    Thanks for any insight.
    Last edited: Feb 23, 2021
  2. FredC

    FredC Winhost Staff

    1) Unfortunately, we do not support web.config encryption currently.

    2) Connection encryption. You can set the connection to encrypted.

    For example

    "Data;Initial Catalog=[DBName];User ID=[DBLogin];Password=******;Integrated Security=False;Encrypt=True;TrustServerCertificate=True"

    See for more details.

Share This Page