+ 1

C# WPF SQL Login Database

Hello, i created a WPF Login with a SQL Database, the problem is, the SQL connection string is inside of the wpf so the user can see this string if they open the Application data's. i don't even want them to own the data's but i don't know how to stream the data's .. So how can I secure my SQL connection string? Also i don't know how I can add a register system so they can register in the wpf Application and they are added on the SQL server then also. Thank u very much guys

9th Nov 2021, 9:00 PM
Lu-DS
Lu-DS - avatar
11 odpowiedzi
+ 1
https://youtu.be/rFncI9yfY-E Tim Corey talks on connection strings and it's pretty comprehensive.
10th Nov 2021, 4:39 AM
Kail Galestorm
Kail Galestorm - avatar
+ 1
The password does not have to be hashed in the db if you don't want it to be. Again, it will be encrypted over the net and the user will already have it so it doesn't matter. So for your app, you should have a default user that the app comes with. That user should only be allowed to execute a "register user" store procedure. You would need to find a way of preventing someone from just creating a bunch of accounts but, that will allow any new user to create a login. Contemporary solutions use OAuth2 making use of an authentication broker to make sure users are real and prevent them from making lots of bogus accounts. This would save a hashed version of some password that they have in say Google, Google would ping your server to see if the hash matches and pass an authenticated user back if they do.
10th Nov 2021, 9:42 PM
Kail Galestorm
Kail Galestorm - avatar
0
Look into 3 layer application development. There are many data access solutions patterns out there. I usually go with ReST API for all data access. You can also use windows authentication and encrypted configuration files
10th Nov 2021, 1:19 AM
Kail Galestorm
Kail Galestorm - avatar
0
What's 3 layer application development? (Started c# 5 months ago and just wrote wpf applications sorry :(. )
10th Nov 2021, 4:19 AM
Lu-DS
Lu-DS - avatar
0
So quick and dirty, 3 layer application development splits your app into 3 parts: UI, Business logic, and data access. It is meant to address many concerns regarding application development including the one you have stumbled onto e.g "we don't want the user to have access to our connection string". The methodology goes deeper and looks at development from a " Solution" standpoint rather than just an application.
10th Nov 2021, 4:31 AM
Kail Galestorm
Kail Galestorm - avatar
0
Alright then how to split the data? I'm a bit confused tbh
10th Nov 2021, 4:56 AM
Lu-DS
Lu-DS - avatar
0
Welp it would be too difficult to type it all here and, many people have outlined these concepts way better than I ever could. Just YouTube or Google it. I will point out that if your app is just a sql login form that the user fills out with a username and password then, it would not matter if they have the connection string sense they already have a user name and password in the db.
10th Nov 2021, 5:36 PM
Kail Galestorm
Kail Galestorm - avatar
0
Alright, do u know how to hash the password?
10th Nov 2021, 6:18 PM
Lu-DS
Lu-DS - avatar
0
For sending over the net to your server the data is already encrypted. You can hash the password in the db and send the password from your apphttps://stackoverflow.com/questions/4181198/how-to-hash-a-password For hiding the password in the ui, if you are using wpf, use the PasswordBox control.
10th Nov 2021, 7:20 PM
Kail Galestorm
Kail Galestorm - avatar
0
do i need to hash the password in my DB? is it illegal when I won't? Because it works well without password hashing rn. Also i need to put the users in my DB manually. i already designed a Register in WPF but i don't know how to code it that the users can register and they are in my DB then
10th Nov 2021, 8:51 PM
Lu-DS
Lu-DS - avatar
0
yeah I thought about a license key, but how i said i don't know how to insert the register users into the DB, i tried it but my Program crashed then
11th Nov 2021, 4:43 AM
Lu-DS
Lu-DS - avatar