I've currently got a project that I worked on for some friends to play around with; but my database connection is exposed in the raw client. So the username and password connection strings are exposed; what would be a solid solution to encrypt that string?
A service that will encrypt the transport layer? Encrypt the database connection string? Abstract the connection string? Or any other form that can help me secure the data inquiries.
My original thought was to use an anti-decompiler; but that still wouldn't hide or secure the database connection string. Any thoughts?
Don't have the application talking directly to the SQL server. Have it talking to a web-facing API that can talk to the SQL server and your application talking to the API. .Net Web Services / WCF make this really easy .