[nhusers] How to encrypt the "connection string" in nhibernate.cfg.xml
1,543 views
Skip to first unread message
Visar Uruqi
Apr 20, 2010, 7:37:14 AM4/20/10
to nhusers
Hello
I want to deploy an application to several clients, but I can't
because,
the connection string in nhibernate.cfg.xml is editable, and there is
also the password and username of the DB.
Is there a way to encrypt it? and decrypt it back in the application?
I thought writing an XML file with all the configuration stuff,
encrypt it,
and reading the file inside the application decrypting it building
the
configuration in runtime, but thought maybe you have a better idea.
(The thing is I want to be able to edit the connection string some day
in case of troubleshooting, but also hide it from the client)
Thank you for helping
--
You received this message because you are subscribed to the Google Groups "nhusers" group.
To post to this group, send email to nhu...@googlegroups.com.
To unsubscribe from this group, send email to nhusers+u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/nhusers?hl=en.
I want to deploy an application to several clients, but I can't
because,
the connection string in nhibernate.cfg.xml is editable, and there is
also the password and username of the DB.
Is there a way to encrypt it? and decrypt it back in the application?
I thought writing an XML file with all the configuration stuff,
encrypt it,
and reading the file inside the application decrypting it building
the
configuration in runtime, but thought maybe you have a better idea.
(The thing is I want to be able to edit the connection string some day
in case of troubleshooting, but also hide it from the client)
Thank you for helping
--
You received this message because you are subscribed to the Google Groups "nhusers" group.
To post to this group, send email to nhu...@googlegroups.com.
To unsubscribe from this group, send email to nhusers+u...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/nhusers?hl=en.
Jason Dentler
Apr 20, 2010, 8:04:05 AM4/20/10
to nhu...@googlegroups.com
Hi Visar,
You might try putting it in the app.config, then encrypt it and reference it from your NHibernate configuration using the connection string name property.
Thanks,
Jason
Visar Uruqi
Apr 20, 2010, 3:21:10 PM4/20/10
to nhusers
Can you describe more in detail the process please,
specially, the process of encryption and decryption?
Some parameters are not in my control for example
nhibernate grabs the connection string without I knowing when?
So how does the decryption take place?
visar
> > nhusers+u...@googlegroups.com<nhusers%2Bunsu...@googlegroups.com>
> > .
>
> - Show quoted text -
specially, the process of encryption and decryption?
Some parameters are not in my control for example
nhibernate grabs the connection string without I knowing when?
So how does the decryption take place?
visar
> > .
> > For more options, visit this group at
> >http://groups.google.com/group/nhusers?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups "nhusers" group.
> To post to this group, send email to nhu...@googlegroups.com.
> To unsubscribe from this group, send email to nhusers+u...@googlegroups.com.
> For more options, visit this group athttp://groups.google.com/group/nhusers?hl=en.- Hide quoted text -
> >http://groups.google.com/group/nhusers?hl=en.
>
> --
> You received this message because you are subscribed to the Google Groups "nhusers" group.
> To post to this group, send email to nhu...@googlegroups.com.
> To unsubscribe from this group, send email to nhusers+u...@googlegroups.com.
>
> - Show quoted text -
José F. Romaniello
Apr 20, 2010, 5:38:34 PM4/20/10
to nhu...@googlegroups.com
Another approach is to store an encrypted connection string in hibernate.cfg.xml
Inherit DriverConnectionProvider and override the property get ConnectionString in order to decrypt the string.
Then in your hibernate.cfg.xml use
<property name="connection.provider">My.Assembly.DecryptConnectionProvider, My.Assembly</property>
2010/4/20 Jason Dentler <jasond...@gmail.com>
Jason Dentler
Apr 21, 2010, 2:05:09 AM4/21/10
to nhu...@googlegroups.com
Being a web guy, I immediately thought of aspnet_regiis encryption, which doesn't really apply to desktop apps, but is completely transparent to the application.
Visar Uruqi
Apr 21, 2010, 10:07:40 AM4/21/10
to nhusers
Yes I found this article too, thanks anyway for posting.
I immediately tried the code explained below the article
http://msdn.microsoft.com/en-us/library/89211k9b(VS.80).aspx
the code in this method:
ToggleConfigEncryption(string exeConfigName) does all the
magic of encryption, the decryption process is only needed when you
have to change the connection string.
I removed the parameter in nhibernate.cfg.xml
<property name="connection.connection_string">
Data source=MyDatabase.s3db;Version=3
</property>
I placed the connection string in the app.config
<add name="SQLiteCon"
connectionString="Data source=MyDatabase.s3db;Version=3"/>
Then I went again to nhibernate.cfg.xml and placed this
<property name="connection.connection_string_name">SQLiteCon</
property>
at the startup of my application I ensured that the app.config is
encrypted with
the ToggleConfigEncryption("MyApp.exe") command explained in the
article.
It did wonderfully worked, but I didn't understand the process of
decryption
in runtime, how, when etc!
Jason Dentler can you tell me something about SQLite db its seems
your familiar with it according to your BLOG, I have some questions:
1) What is the capacity if SQLite? How many GB of information can it
hold?
2) I don't know how to set up a relative path to my connection string
I tried
..\..\MyDb.s3db etc.. but it seems it does not create it where I want
it seems somehow it holds it in memory, because if I specify such a
relative
file path the file disappears, but when I run the application it does
work
and the information are saved and retrieved, also after I exit and
start
again the application, it somehow stores in some secret place but I
cannot
find it.
3) If you had to deploy something with embedded databse which embedded
DB
would you choose?
Visar
On Apr 21, 8:05 am, Jason Dentler <jasondent...@gmail.com> wrote:
> Being a web guy, I immediately thought of aspnet_regiis encryption, which
> doesn't really apply to desktop apps, but is completely transparent to the
> application.
>
> Combined with Jose's suggestion, this might do the trick for you.http://msdn.microsoft.com/en-us/library/89211k9b(VS.80).aspx
> > <nhusers%2Bunsu...@googlegroups.com<nhusers%252Bunsubscribe@googlegroups.com>
I immediately tried the code explained below the article
http://msdn.microsoft.com/en-us/library/89211k9b(VS.80).aspx
the code in this method:
ToggleConfigEncryption(string exeConfigName) does all the
magic of encryption, the decryption process is only needed when you
have to change the connection string.
I removed the parameter in nhibernate.cfg.xml
<property name="connection.connection_string">
Data source=MyDatabase.s3db;Version=3
</property>
I placed the connection string in the app.config
<add name="SQLiteCon"
connectionString="Data source=MyDatabase.s3db;Version=3"/>
Then I went again to nhibernate.cfg.xml and placed this
<property name="connection.connection_string_name">SQLiteCon</
property>
at the startup of my application I ensured that the app.config is
encrypted with
the ToggleConfigEncryption("MyApp.exe") command explained in the
article.
It did wonderfully worked, but I didn't understand the process of
decryption
in runtime, how, when etc!
Jason Dentler can you tell me something about SQLite db its seems
your familiar with it according to your BLOG, I have some questions:
1) What is the capacity if SQLite? How many GB of information can it
hold?
2) I don't know how to set up a relative path to my connection string
I tried
..\..\MyDb.s3db etc.. but it seems it does not create it where I want
it seems somehow it holds it in memory, because if I specify such a
relative
file path the file disappears, but when I run the application it does
work
and the information are saved and retrieved, also after I exit and
start
again the application, it somehow stores in some secret place but I
cannot
find it.
3) If you had to deploy something with embedded databse which embedded
DB
would you choose?
Visar
On Apr 21, 8:05 am, Jason Dentler <jasondent...@gmail.com> wrote:
> Being a web guy, I immediately thought of aspnet_regiis encryption, which
> doesn't really apply to desktop apps, but is completely transparent to the
> application.
>
> > >
> > > > .
> > > > For more options, visit this group at
> > > >http://groups.google.com/group/nhusers?hl=en.
>
> > > --
> > > You received this message because you are subscribed to the Google Groups
> > "nhusers" group.
> > > To post to this group, send email to nhu...@googlegroups.com.
> > > To unsubscribe from this group, send email to
> > nhusers+u...@googlegroups.com<nhusers%2Bunsu...@googlegroups.com>
> > .
> > > For more options, visit this group athttp://
> > > > .
> > > > For more options, visit this group at
> > > >http://groups.google.com/group/nhusers?hl=en.
>
> > > --
> > > You received this message because you are subscribed to the Google Groups
> > "nhusers" group.
> > > To post to this group, send email to nhu...@googlegroups.com.
> > > To unsubscribe from this group, send email to
> > nhusers+u...@googlegroups.com<nhusers%2Bunsu...@googlegroups.com>
> > .
> > > For more options, visit this group athttp://
Visar Uruqi
Apr 21, 2010, 10:16:21 AM4/21/10
to nhusers
Just for the record, I found this article
http://japikse.blogspot.com/2008/06/custom-connection-provider-with.html
explaining the Custom Connection provider for nhibernate, if you want
to handle
the encryption yourself.
Visar Uruqi
On Apr 21, 4:07 pm, Visar Uruqi < visar.ur...@gmail.com> wrote:
> Yes I found this article too, thanks anyway for posting.
>
> I immediately tried the code explained below the articlehttp://msdn.microsoft.com/en-us/library/89211k9b(VS.80).aspx
> > For more options, visit this group athttp://groups.google.com/group/nhusers?hl=en.-Hide quoted text -
http://japikse.blogspot.com/2008/06/custom-connection-provider-with.html
explaining the Custom Connection provider for nhibernate, if you want
to handle
the encryption yourself.
Visar Uruqi
On Apr 21, 4:07 pm, Visar Uruqi < visar.ur...@gmail.com> wrote:
> Yes I found this article too, thanks anyway for posting.
>
Jason Dentler
Apr 21, 2010, 11:09:54 AM4/21/10
to nhu...@googlegroups.com
Hi Visar,
I'm sorry. I can't be of much help with your specific SQLite questions. I stick to web applications. I only use SQLite for testing, and only the in-memory database. I don't know what the limit really is, as my tests generally don't use more than a dozen records. I have seen some mention of 4GB, but I don't know if this is accurate.
Thanks,
Jason
Reply all
Reply to author
Forward
0 new messages