在代码中保存 SQL 服务器登录 (C#)
Save SQL Server Login savely in code (C#)
我是一个相当新的开发人员,目前正在开发一个 C# 程序,该程序使用以下代码连接到 MYSQL 服务器:
class MySql
{
private MySqlConnection connection;
private string server;
private string database;
private string uid;
private string password;
//Constructor
public MySql()
{
Initialize();
}
//Initialize values
private void Initialize()
{
server = "mydomain.com";
database = "dbName";
uid = "Username";
password = "Password";
string connectionString;
connectionString = "SERVER=" + server + ";" + "DATABASE=" +
database + ";" + "UID=" + uid + ";" + "PASSWORD=" + password + ";";
connection = new MySqlConnection(connectionString);
}
//open connection to database
private bool OpenConnection()
{
try
{
connection.Open();
return true;
}
catch (MySqlException ex)
{
//When handling errors, you can your application's response based
//on the error number.
//The two most common error numbers when connecting are as follows:
//0: Cannot connect to server.
//1045: Invalid user name and/or password.
switch (ex.Number)
{
case 0:
MessageBox.Show("Cannot connect to server. Contact administrator");
break;
case 1045:
MessageBox.Show("Invalid username/password, please try again");
break;
}
return false;
}
}
//Close connection
private bool CloseConnection()
{
try
{
connection.Close();
return true;
}
catch (MySqlException ex)
{
MessageBox.Show(ex.Message);
return false;
}
}
现在我不太确定如何安全地保存服务器登录信息。
如您所见,在我的代码中,域、用户名和密码只是在代码中公开。
据我所知,不应该那样。
我该如何纠正?还是这样保存就可以了?谢谢!
在 .NET 中,连接字符串通常存储在应用程序的 .config 文件中(web.config 用于 ASP.NET,app.config 用于桌面)。配置文件中的 MySQL 连接字符串示例如下所示:
<connectionStrings>
<add name="MySqlConnectionString"
providerName="MySql.Data.MySqlClient"
connectionString="server=127.0.0.1;uid=root;password=bpdash;database=sample" />
</connectionStrings>
还有一些支持的加密配置文件部分的方法。 Microsoft 文章中讨论了使用连接字符串和加密它们:Connection Strings and Configuration Files
我是一个相当新的开发人员,目前正在开发一个 C# 程序,该程序使用以下代码连接到 MYSQL 服务器:
class MySql
{
private MySqlConnection connection;
private string server;
private string database;
private string uid;
private string password;
//Constructor
public MySql()
{
Initialize();
}
//Initialize values
private void Initialize()
{
server = "mydomain.com";
database = "dbName";
uid = "Username";
password = "Password";
string connectionString;
connectionString = "SERVER=" + server + ";" + "DATABASE=" +
database + ";" + "UID=" + uid + ";" + "PASSWORD=" + password + ";";
connection = new MySqlConnection(connectionString);
}
//open connection to database
private bool OpenConnection()
{
try
{
connection.Open();
return true;
}
catch (MySqlException ex)
{
//When handling errors, you can your application's response based
//on the error number.
//The two most common error numbers when connecting are as follows:
//0: Cannot connect to server.
//1045: Invalid user name and/or password.
switch (ex.Number)
{
case 0:
MessageBox.Show("Cannot connect to server. Contact administrator");
break;
case 1045:
MessageBox.Show("Invalid username/password, please try again");
break;
}
return false;
}
}
//Close connection
private bool CloseConnection()
{
try
{
connection.Close();
return true;
}
catch (MySqlException ex)
{
MessageBox.Show(ex.Message);
return false;
}
}
现在我不太确定如何安全地保存服务器登录信息。 如您所见,在我的代码中,域、用户名和密码只是在代码中公开。
据我所知,不应该那样。
我该如何纠正?还是这样保存就可以了?谢谢!
在 .NET 中,连接字符串通常存储在应用程序的 .config 文件中(web.config 用于 ASP.NET,app.config 用于桌面)。配置文件中的 MySQL 连接字符串示例如下所示:
<connectionStrings>
<add name="MySqlConnectionString"
providerName="MySql.Data.MySqlClient"
connectionString="server=127.0.0.1;uid=root;password=bpdash;database=sample" />
</connectionStrings>
还有一些支持的加密配置文件部分的方法。 Microsoft 文章中讨论了使用连接字符串和加密它们:Connection Strings and Configuration Files