我是一个相当新的开发人员,目前正在开发一个c#程序,该程序使用以下代码连接到mysql服务器:
class MySql
{
private MySqlConnection connection;
private string server;
private string database;
private string uid;
private string password;
//Constructor
public MySql()
{
Initialize();
}
//Initialize values
private void Initialize()
{
server = "mydomain.com";
database = "dbName";
uid = "Username";
password = "Password";
string connectionString;
connectionString = "SERVER=" + server + ";" + "DATABASE=" +
database + ";" + "UID=" + uid + ";" + "PASSWORD=" + password + ";";
connection = new MySqlConnection(connectionString);
}
//open connection to database
private bool OpenConnection()
{
try
{
connection.Open();
return true;
}
catch (MySqlException ex)
{
//When handling errors, you can your application's response based
//on the error number.
//The two most common error numbers when connecting are as follows:
//0: Cannot connect to server.
//1045: Invalid user name and/or password.
switch (ex.Number)
{
case 0:
MessageBox.Show("Cannot connect to server. Contact administrator");
break;
case 1045:
MessageBox.Show("Invalid username/password, please try again");
break;
}
return false;
}
}
//Close connection
private bool CloseConnection()
{
try
{
connection.Close();
return true;
}
catch (MySqlException ex)
{
MessageBox.Show(ex.Message);
return false;
}
}
现在我不太清楚如何安全地保存服务器登录。如您所见,在我的代码中,域、用户名和密码只是公开地存在于代码中。
据我所知,不应该是这样。
我该怎么纠正呢?或者像那样储存是省钱吗?谢谢!
1条答案
按热度按时间pwuypxnk1#
在.net中,连接字符串通常存储在应用程序的.config文件中(web.config用于asp.net,app.config用于桌面)。配置文件中的mysql连接字符串示例如下所示:
然后有一些受支持的方法来加密配置文件的该部分。使用连接字符串和加密它们都在这篇微软文章中讨论:连接字符串和配置文件