I want to build a VB.NET application that will connect to a MySQL database. I was thinking of putting the MySQL password on the My.Setting file, but that's easy to read. Which would be the safest way to put the password on the program? I don't want to ask for it on start-up, I want it to be embedded on the software, but WHERE?
Wellll..... If it's stored in an automatically program-readable format (aka, the user doesn't have to enter any kind of password or credential to enable the application to make use of said database password), then there isn't exactly a "safe" way since any kind of meaningful encryption requires that the user enter some credential to retrieve the encrypted information. You could store it in a module as Base64 text for obfuscation, but that's not really "safe." At all. It's just encoded differently (NOT encrypted).
The bigger question to me is, is the environment safe? On the back end of a website for example, the password for sql databases is usually stored in-the-clear in the php config files... but that's because the environment is secure: php source cannot be obtained by the public, and trusted users with access to the backend are assumed to be non-malicious.
So, that raises some questions:
These are all considerations that should be accounted for.
One other thing - if you're building a .NET application, there are certain .NET code-obfuscators out there that play with your compiled code to make it quite difficult to pillage once compiled. This may be of interest to you. I believe Dotfuscator ships standard with Visual Studio? You can register for a free account with them.