We all know that web.config can save the connection string, we are doing this in the program, web.config is XML, so it has a clear structure, it is easy to read it, but this also has a Question, our database is completely exposed to people who browse the file, this is what we don't want. We can use a simple and effective encryption algorithm to encrypt this connection character, and people who directly browse the file cannot be clearly seen.
We generally save the connection string in the form of:
In order to understand these encrypted characters, we need an additional program to generate these encrypted data (this extra program can be written very complicated but for explanation, we use simple base64 encoded data, this is not encryption Data, but the principle is the same). We build a WinForm project that is specifically used to generate clear text to ciphertext (base64) conversions, if other encryption algorithms can replace this encryption process. The code inside the conversion button is as follows:
Private void button1_click (Object sender, system.eventargs e) {
Byte [] data = system.text.asciiencoding.ascii.getbytes (this.TextBox1.text);
String str = convert.tobase64string (data);
This.TextBox2.text = STR;
}
The TEXTBOX2 is the character after the variable code. We can take the connection characters in our web.config ("Server = localhost; database = TEST; PWD = SA; UID = SA;") taken out in this program to perform a new string (C2VydmvyPwxvy2FSAG9ZDDTKYXRHYMFZT10ZXN0O3B3ZD1ZYTT1AWQ9C2E7).
Then we use this character to replace the uncoded string. As follows:
Haha! I can't see it! But our procedure doesn't know :-( Don't matter, we know that the encryption algorithm so our program can understand, and finally how to use it in the program, our program needs to understand the meaning of this string, we are in the data access layer Add the following tool method
Private string getConnectionstring () {
String strconn = system.configuration.configurationSettings.Appsettings ["connectionstring"];
Byte [] Data = Convert.FromBase64String (StrConn);
String strrealconn = system.text.asciiencoding.ascii.getstring (data); return strRealconn;
}
This allows you to get a real connection string.
A simple encryption (pseudo-encryption, in fact, this article is a method of encoding rather than encryption), maybe you can deceive some people's eyes, but what is the role of understanding the insider or what protects, so you can Extend this algorithm, replacing the encoding algorithm in the case using a symmetric or asymmetric encryption algorithm, which is basically unlunname. To use the encryption algorithm encryption data, please refer to
Http://www.9cbs.net/develop/read_article.asp?id=23386 introduces some methods, please refer to other texts with non-pair encryption
