+ 1
C# WPF SQL Login Database
Hello, I created a WPF login with a SQL database. The problem is that the SQL connection string is inside the WPF app, so users can see this string if they open the application's data. I don't even want them to own the data, but I don't know how to stream the data. So how can I secure my SQL connection string? Also, I don't know how I can add a register system so they can register in the WPF application and then also be added on the SQL server. Thank you very much, guys.
11 Answers
+ 1
https://youtu.be/rFncI9yfY-E Tim Corey talks on connection strings and it's pretty comprehensive.
+ 1
The password does not have to be hashed in the db if you don't want it to be. Again, it will be encrypted over the net and the user will already have it, so it doesn't matter. So for your app, you should have a default user that the app comes with. That user should only be allowed to execute a "register user" stored procedure. You would need to find a way of preventing someone from just creating a bunch of accounts, but that will allow any new user to create a login. Contemporary solutions use OAuth2, making use of an authentication broker to make sure users are real and prevent them from making lots of bogus accounts. This would save a hashed version of some password that they have in, say, Google; Google would ping your server to see if the hash matches and pass an authenticated user back if they do.
0
Look into 3 layer application development. There are many data access solution patterns out there. I usually go with a ReST API for all data access. You can also use Windows authentication and encrypted configuration files.
0
What's 3 layer application development? (Started C# 5 months ago and just wrote WPF applications, sorry :( )
0
So quick and dirty, 3 layer application development splits your app into 3 parts: UI, business logic, and data access. It is meant to address many concerns regarding application development, including the one you have stumbled onto, e.g. "we don't want the user to have access to our connection string". The methodology goes deeper and looks at development from a "Solution" standpoint rather than just an application.
0
Alright then how to split the data? I'm a bit confused tbh
0
Welp, it would be too difficult to type it all here, and many people have outlined these concepts way better than I ever could. Just YouTube or Google it. I will point out that if your app is just a SQL login form that the user fills out with a username and password, then it would not matter if they have the connection string, since they already have a username and password in the db.
0
Alright, do you know how to hash the password?
0
For sending over the net to your server, the data is already encrypted. You can hash the password in the db and send the password from your app: https://stackoverflow.com/questions/4181198/how-to-hash-a-password For hiding the password in the UI, if you are using WPF, use the PasswordBox control.
0
Do I need to hash the password in my DB? Is it illegal if I don't? Because it works well without password hashing right now. Also, I need to put the users in my DB manually. I already designed a Register in WPF, but I don't know how to code it so that the users can register and are then in my DB.
0
Yeah, I thought about a license key, but as I said, I don't know how to insert the registered users into the DB. I tried it, but my program crashed then.