How do I use a single db user for app securely


Greg McGuffey
I'm attempting to figure out how to use a single well known login user/password for the db, then use the security system to authenticate, do roles/permissions, etc. I.e. I'm using a more 'web' like system within this winform app. I'm at a loss to determine a secure way to do this. I don't want the users knowing much of anything about the database they are connecting to. Unfortunately the Connection Manager displays the database name and the user name when a shared settings file is used. The database name is OK (not great, just ok), but the user name is definitely not OK.



I could set the DataSources manually, but then I'm left with a bunch of other security holes, chiefly that most .net approved places to store app settings are done so in clear text or there are significant challenges to encrypt the app.config file.



Also, I will likely want to build the connection based on how they are connecting to the database, either locally or via some sort of VPN (some VPNs I've used required the IP, others the server name). I also need to use the TCP/IP library to connect (to SQL Server 2000), since this is how the VPNs work (at least the ones I'm working with). This all adds up to a quandary about how to connect to the database(s). The app needs to know the user name and passwords for each database it is connecting to, but these need to be secure. It is too easy to decompile a .net app, so placing it in the compiled code is not good. The app.config is clear text and encrypting it causes problems since I can't encrypt it easily in a way that allows any user of the app to decrypt it (as far as I understand it).



Is there any way to store these sorts of settings in a secure file, like the shared settings file for connections? Preferably, it would be just like the shared connections file, in that it could be on a UNC share (or local) or even better a secure web site. Any help would be greatly appreciated!

Replies
Keith Chisarik
I attended the class after evaluating SF for only a few days due to the timing of the class. I had until that point been 100% self-taught in .NET. I didn't come back a pro, but I was definitely on the right track and was able to be productive with SF as soon as the plane hit the ground. Highly recommended. I continue to learn, and as you have seen here already, the guys at SF are incredibly helpful.

Keith Chisarik
Ivan George Borges
Right, here goes my testimony ... put a soft song in the background. :D

I attended the course as well, and I had 0% of knowledge in .NET.

Only great things came out of it. I was introduced to the product not only by the developers, but by the questions the other attendees made. So, I can't say I know .NET yet, nor VB.NET, which I decided to use with a little push, but within a month I had an extremely professional application developed, all set with security, layers, integrated reports, in a way I wouldn't dream to have in years of developing myself.

It's a great jump start, that I can tell you.

Cheers.

Greg McGuffey
> Highly recommended. I continue to learn and as you have seen here already the guys at SF are incredibly helpful.

> Right, here goes my testimony ... put a soft song in the background. :D

Thanks for the comments and encouragement from both Keith and Ivan. I'm seriously considering it. I contacted sales and got the details. I'm assuming that Ben, Trent and Steve actually teach this class, right?
Ivan George Borges
> I'm assuming that Ben, Trent and Steve actually teach this class, right?

That's it Greg, these are the ones.
