Ways to protect SQL authentication data in Excel Add-in

0 投票
最新提问 用户: (120 分)

I have written an Excel addin which connects to a specific database and pulls data from it. Currently, SQL Server authentication data is hard-coded in the add-in. I am planning to distribute the add-in without removing the SQL Server connection functionality. Protection of the authentication data is an inevitable prerequisite. However, I am stuggling to find a suitable solution.

The authentication data for SQL Server is not unique. Setting up a unique login for each end user would be nearly impossible.

Are there any recommendations how to best achieve a good protection level for the SQL Server authentication data?


0 投票
最新回答 用户: (140 分)

This is a very common problem of how to protect connection strings. Few years ago i have develop a C# application and i have used an app.config file that the connection strings to the db where encrypted.

Save the connection string in an external encrypted file and while reading it decrypt it:

You can check here for more information: https://msdn.microsoft.com/en-us/library/ms254494(v=vs.110).aspx

发表于 用户: (120 分)
thanks for this useful information. Is it possible to store the app.config file on an external server while the Excel addin runs locally?
发表于 用户: (140 分)
Yes, in the adding code just load the configuration file from the remote computer : for more information see here : msdn.microsoft.com/en-us/library/ms228063.aspx#Anchor_3 here is a more technical information about creating encrypted configurations: msdn.microsoft.com/en-us/library/53tyfkaw(v=vs.110).aspx
欢迎来到 Security Q&A ,有什么不懂的可以尽管在这里提问,你将会收到社区其他成员的回答。