Recently I was tasked with researching connection string best practices, and employing them at the day job. We want a better way to manage all of the connection strings.
I suggested moving the connection strings into the machine.config unencrypted. This will accomplish multiple things.
- Centralizes connection strings to one area for all projects residing on that server
- Easy to search, maintain, and update since no encryption/decryption is required
- “Set it and Forget it” – Deployments to the various environments (DEV, STG, TRN, PRD) won’t need to update connection string after every deployment cycle
But there are some downsides
- Need to save across multiple .NET machine.config sources
The simple workaround is to keep a configSource file in the root, and utilize a batch file to copy into each frameworks config directory (except 1.1 and below)
- Unencrypted connection strings means an intruder has easier access to information (more info below)
- Updating a connection string for one project has the potential of disrupting every project on that server
But I hope you are doing these updates during off hours, so the impact will be minimal.
I will make some mentions of things in this blog that I really hope is not news to anyone. Having your own 2-way hashing/encrypting algorithm will only slow down a hacker. My experience has been that you must “hide” the key, but still reference it. A good file search tool can quickly point to this unlock key to get your connection string. By my estimation, the tool I use can sift through 80 megabytes of data (including text files, images, and binary documents such as PDFs, Word and Excel documents) in less than 8 minutes. Then using a decompiler they can easily get your information.
I was once tasked to take over a project where the previous developer was holding the source code ransom for a bigger bonus. With the awesome experience in programming I had developed over the years, it took me about 45 minutes to get everything I needed into a nice small package. And that was just so I had something pretty to work with, not just mining for anything specific.
I’m sure that if a somewhat experience hacker ever got into your machine, an encrypted connection string is only going to slow him down by maybe 15 minutes, assuming he already has the tools necessary to do his digging. After all, it’s all about the time. If he’s already gained access, knows what he’s looking for, and wasn’t taught the Boy Scout model of “Be Prepared” (even if it’s to be used for evil), the chances of him being caught will be much higher as he’s doing some Google research while breaking into your system.
So, my recommendation is to just keep unencrypted connection strings in the machine.config file(s), as it will save your Operations department many compounding hours in maintenance over the lifetime of the servers.