'save MySqlConnection password in code as md5 oder SHA?
I want to save the password in my c# code as md5 or SHA, but didnt know how.
i saw many threads for .net core. but i use .net framework. What did i need to change?
This i my connection string:
con = new MySqlConnection("Server=server-ip;Database=database;user=user;Pwd=password;SslMode=none");
My problem is one of my customers got hold of my database password and advised me to pay more attention to security. he is an ethical hacker and wanted to take a closer look.
Solution 1:[1]
Using MD5, SHA1, or any hashing algorithm to store the password is not technically possible. The MySqlConnection class needs the password to be provided in plain text (so that it can hash it itself or supply it to the server in plain text over an encrypted channel, based on the authentication method you're using).
You could use reversible encryption, but then any hacker could disassemble your application, extract the encryption key, and reverse engineer the database password.
The right way to solve this problem is to not distribute your database password to users. Instead, the database code should be in a web API that your application communicates with (using OAuth2 or another industry-standard way of authenticating a client application to an API).
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | Bradley Grainger |