Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 4 years ago.
Improve this question
All my grids and combo boxes bound to dataset/adapter which the connection string set in app config, but the connection string is included in primary output when installed in my client. i tried to exclude it because the connection string contain my database password, but my app returned an exception.
<connectionStrings>
<add name="HNBS_SALON_SPA.My.MySettings.dbhnbspapuaConnectionString"
connectionString="Provider=Microsoft.ACE.OLEDB.12.0;Data Source="mydb.accdb";Persist Security Info=True;Jet OLEDB:Database Password=abcdefg"
providerName="System.Data.OleDb" />
</connectionStrings>
thanks to #ashleedawg , I searched more threads and articles about encryption and found some :
https://weblogs.asp.net/jongalloway/encrypting-passwords-in-a-net-app-config-file
and
ConnectionStrings in app.config. What about security?
Now I convert the code to vb.net and modify it to my need (section key) and i now be able to encrypt the app.config.
Private Sub EncryptConfigSection()
Dim Config As Configuration
Dim Section As ConfigurationSection
Config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
Section = Config.GetSection("connectionStrings")
If (Section IsNot Nothing) Then
If (Not Section.SectionInformation.IsProtected) Then
If (Not Section.ElementInformation.IsLocked) Then
Section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider")
Section.SectionInformation.ForceSave = True
Config.Save(ConfigurationSaveMode.Full)
End If
End If
End If
End Sub
although it is needed to run the app for at least 1 time to make the encryption run but it's what i need right now.
You can hide the connection string by encrypting it in web.config.
See it with example here.
If you mean making web.config file invisible for system users, it would make in invisible for your application. If you make it visible for your application, it means any user having sufficient privileges will be able to read. You can only work-around it not having connection string at all in this file.
For example, you could specially design ciphered storage (say, based on XML file), decode it on the fly and code assignment of you connection string programmatically in your application.
Encryption will be the best approach to hide the information. Why the connection string kind of information stored in webconfig in, there is no need to compile the code again if its changed and its ease to access globally. If Encryption/Decryption method is followed be extra care while you changing the userid and password in the string.
For example you can refer this article.
(Source)
More Information:
Stack Overflow : How to securely store a connection string in a WinForms application?
Related
I inherited a program written in VB.NET. I want to host the installer and documentation for the program in a SharePoint Online library. The SPO library allows View/Read-only access to "Everyone except external users" but it does not allow anonymous access. I want the program to check the SPO library for an updated version when it launches.
I envisioned a simple function like this:
Private Function getVersion() As String
Using client As New WebClient
getVersion = client.DownloadString("https://companyname.sharepoint.com/site/library/version.txt")
End Using
End Function
where version.txt contains nothing but the current version number.
However, this function throws an IOException stating that the connection was forcibly closed by the remote host. I think this is because the SPO site requires authentication.
I don't want to add a user login step solely for this one thing. This probably means an SPO site that requires authentication is not the ideal place for my version.txt file to reside, but I'm also trying to avoid solutions that require me to jump through hoops and involve others to get it to work. I'm the only developer for this program, so I'd like to be able to publish an update without having to wait for someone else to do something (like update a web server that I don't have access to).
Suggestions for a simple technique to achieve my goal?
In your Using block, before the line with DownloadString, set the Credentials of your WebClient:
Private Function getVersion() As String
Using client As New WebClient
client.Credentials = CredentialCache.DefaultCredentials
getVersion = client.DownloadString("https://companyname.sharepoint.com/site/library/version.txt")
End Using
End Function
The DefaultCredentials will be the credentials of the currently logged in Windows user.
See the docs on System.Net.WebClient.
My file (c:\mydb.accbe) has protection against the shift bypass, hidden access object window protection, disabled ctrl-g, hotkey bypass protection, etc. Project is also password protected, then compiled, and encrypted.
The problem is any user with read access to that accde file can create a new access project and create an instance of the protected file of that project using this code:
Dim appAccess As Access.Application
Set appAccess = CreateObject("Access.Application")
appAccess.OpenCurrentDatabase = "c:\mydb.accbe"
Now they can call any public function of that instance, for example:
call appAccess.run("thisIsPublicFunctionIn_mydb")
I can see two potential ways to mitigate this:
1# Any potentially sensitive function would get an extra parameter that contains the 'security' code.
2# Add some security by obscurity by renaming all the functions to random numbers at the end.
Other then using a real programming language (sadly not an option), got any suggestions on how I can detect this or protect against it?
When the app is opened through automation the UserControl property is updateable, so that is not really an option.
You cannot prevent that from happening. Best you can do is use a SQL server backend, where you tightly control permissions on tables, and use procs (with permissions) to update sensitive data.
I believe that application.UserControl does something around this. I've just tried, and seems to be ok for opening via access.application
Good day, would anybody be so generous to help me out. I have this project, vb10 with MySql. My connection uses app.config to supply all the connection requirements. Now my problem is how do I write in app.config file if I wanted to edit the connection requirements such us server, user, pass or dbname. I've searched through the net but to no avail. I've got this code:
Dim config As Configuration = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None)
config.AppSettings.Settings("user").Value = "hello" 'sample new value
config.Save(ConfigurationSaveMode.Modified)
ConfigurationManager.RefreshSection("appSettings")
however, it does not change anything to the app.config. Please guys, need help badly.
I have a client application consuming a WCF service throws an Error
Object reference not set to an instance of an object.
Details:
I am using WCF service with Microsoft Enterprise library for database connectivity, the service runs fine in the self hosted environment but throws an error if hosted as a windows service. I am not able to debug the WCF service, since it is hosted as windows service, so i tried using try catch blocks to find out, where the problem is.
I came across these two lines which i found to be most suspicious
Database db = DatabaseFactory.CreateDatabase();
DbConnection conn = db.CreateConnection();
I have already set my default database in config file. i think the second line must be the cause.
Please help.
Tried to find similar question on stack overflow but failed, hence posted.
Appended Question statement with error snap + stack trace...
stack trace
at Microsoft.Practices.EnterpriseLibrary.Data.DatabaseConfigurationView.get_DefaultName()
at Microsoft.Practices.EnterpriseLibrary.Data.DatabaseMapper.MapName(String name, IConfigurationSource configSource)
at Microsoft.Practices.EnterpriseLibrary.Common.Configuration.ObjectBuilder.ConfigurationNameMappingStrategy.BuildUp(IBuilderContext context, Type t, Object existing, String id)
at Microsoft.Practices.ObjectBuilder.BuilderBase`1.DoBuildUp(IReadWriteLocator locator, Type typeToBuild, String idToBuild, Object existing, PolicyList[] transientPolicies)
at Microsoft.Practices.ObjectBuilder.BuilderBase`1.BuildUp(IReadWriteLocator locator, Type typeToBuild, String idToBuild, Object existing, PolicyList[] transientPolicies)
at Microsoft.Practices.ObjectBuilder.BuilderBase`1.BuildUp[TTypeToBuild](IReadWriteLocator locator, String idToBuild, Object existing, PolicyList[] transientPolicies)
at Microsoft.Practices.EnterpriseLibrary.Common.Configuration.ObjectBuilder.EnterpriseLibraryFactory.BuildUp[T](IReadWriteLocator locator, IConfigurationSource configurationSource)
at Microsoft.Practices.EnterpriseLibrary.Common.Configuration.ObjectBuilder.EnterpriseLibraryFactory.BuildUp[T](IConfigurationSource configurationSource)
at Microsoft.Practices.EnterpriseLibrary.Common.Configuration.ObjectBuilder.NameTypeFactoryBase`1.CreateDefault()
at Microsoft.Practices.EnterpriseLibrary.Data.DatabaseFactory.CreateDatabase()
at WCFService.Service1.ExecuteSFDS(Cmd CmdObj, Int32 executionType) in D:\Projects\WCFService\WCFService\Service1.cs:line 32
I am almost positive this is because the app.config is not copied to the output. Make sure that the config file is in the directory where your process runs from with the following name "YourServiceName".exe.config
If it is, while debugging see if you can use the ConfigurationManager to get the connection string, also, make sure the name of your connection string is correct.
EDIT
End result from comment:
I was missing the connection string in the output config file, and secondly i had defined the same endpoint and base Address, so i just changed the EndPoint address to "".
A Windows Service generally run under an identity of "Local System" or "Network System".
If your database connection using Windows Integrated Security, you will find it failing to connect to the database.
A quick work around is to run your service under named user on your workgroup/domain that has access to the database.
Despite my lack of coding knowledge I managed to write a small little app in VB net that a lot of people are now using. Since I made it for free I have no way of knowing how popular it really is and was thinking I could make it ping some sort of online stat counter so I could figure out if I should port it to other languages. Any idea of how I could ping a url via vb without actually opening a window or asking to receive any data? When I google a lot of terms for this I end up with examples with 50+ lines of code for what I would think should only take one line or so, similar to opening an IE window.
Side Note: Would of course fully inform all users this was happening.
Just a sidenote: You should inform your users that you are doing this (or not do it at all) for privacy concerns. Even if you aren't collecting any personal data it can be considered a privacy problem. For example, when programs collect usage information, they almost always have a box in the installation process asking if the user wants to participate in an "anonymous usage survey" or something similar. What if you just tracked downloads?
Might be easier to track downloads (assuming people are getting this via HTTP) instead of installs. Otherwise, add a "register now?" feature.
You could use something simple in the client app like
Sub PingServer(Server As String, Port As Integer)
Dim Temp As New System.Net.Sockets();
Temp.Connect(Server, Port)
Temp.Close()
End Sub
Get your webserver to listen on a particular port and count connections.
Also, you really shouldn't do this without the user's knowledge, so as others have said, it would be better to count downloads, or implement a registration feature.
I assume you are making this available via a website. So you could just ask people to give you their email address in order to get the download link for the installer. Then you can track how many people add themselves to your email list each month/week/etc. It also means you can email them all when you make a new release so that they can keep up to date with the latest and greatest.
Note: Always ensure they have an unsubscribe link at the end of each email you send them.
The guys over at vbdotnetheaven.com have a simple example using the WebClient, WebRequest and HttpWebRequest classes. Here is their WebClient class example:
Imports System
Imports System.IO
Imports System.Net
Module Module1
Sub Main()
' Address of URL
Dim URL As String = http://www.c-sharpcorner.com/default.asp
' Get HTML data
Dim client As WebClient = New WebClient()
Dim data As Stream = client.OpenRead(URL)
Dim reader As StreamReader = New StreamReader(data)
Dim str As String = ""
str = reader.ReadLine()
Do While str.Length > 0
Console.WriteLine(str)
str = reader.ReadLine()
Loop
End Sub
End Module
.NET? Create an ASMX Web Service and set it up on your web site. Then add the service reference to your app.
EDIT/CLARIFICATION: Your Web Service can then store passed data into a database, instead of relying on Web Logs: Installation Id, Install Date, Number of times run, etc.