ConnectionStrings: Write in app.config or windows registry?

0

My question is the best way to keep ConnectionString of my system on disk to be read as needed, ie what is the best way to do this by writing it to the file app.config , or writing to record of Windows ?

What are the advantages and disadvantages of each?

Note: I've created DLLs that encrypts my ConnectionString , and I'm working on two DLLs that will help me connect to the database, but I need to know where to write the ConnectionString already encrypted , where it is safer, etc.

Anyway, it's a seemingly silly doubt, but that made me curious. I'm currently doing based on registry of Windows , but again, I'd like to get in doubt which is better.

    
asked by anonymous 24.01.2017 / 23:32

1 answer

5

The less configuration points you have, the less complex your code will be, and the easier it will be to install and maintain the application. So you probably have more than the connection string in your app.config, distributing it, or creating encryption classes only increases complexity, and you have to keep two separate places for maintenance. Another thing, windows registry is a relatively delicate place, you should not have to worry about it when you connect it, nor when you back up the settings of your production environment, you just have to copy a text file (encrypted or not).

Whether you implement publishing strategies such as Continuous Integration or Continuous Delivery, you realize very clearly the advantage this entails in making a new release available. Since publishing a version should be simple and routine.

This is well discussed here: link .

If you do not want to use the strategy discussed there, you can simply use the .net encryption tools to generate the encrypted string and save it to a key of the app.config by doing this in your installer and using some reverse encryption algorithm. You do not need to implement this, .NET implements these features since version 2.0 of the framework, just configure .config with a protected session and change your code to something like:

static void ToggleConfigEncryption(string exeConfigName)
{
    // Takes the executable file name without the
    // .config extension.
    try
    {
        // Open the configuration file and retrieve 
        // the connectionStrings section.
        Configuration config = ConfigurationManager.
            OpenExeConfiguration(exeConfigName);

        ConnectionStringsSection section =
            config.GetSection("connectionStrings")
            as ConnectionStringsSection;

        if (section.SectionInformation.IsProtected)
        {
            // Remove encryption.
            section.SectionInformation.UnprotectSection();
        }
        else
        {
            // Encrypt the section.
            section.SectionInformation.ProtectSection(
                "DataProtectionConfigurationProvider");
        }
        // Save the current configuration.
        config.Save();

        Console.WriteLine("Protected={0}",
            section.SectionInformation.IsProtected);
    }
    catch (Exception ex)
    {
        Console.WriteLine(ex.Message);
    }
}

You can read the detailed instructions (documentation) on how to do this here: 4 "> link

    
25.01.2017 / 00:22