C# WPF Login Oracle Database
So I'm making a login system with C# WPF and I use Oracle DB. As I understood oracle it only has one database unlike MSSQL. What I did now is, I created a user and under this user I created a table (USERLIST) for my logins.
For the login I use a connectionString ("Data Source=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL ......) which the user I mentioned above. This connection string is static. After that I would make a querry to check the username and password fits with the credentials mentioned in my WPF.
My question is if i should let the connection String hardcoded like that or is there a way to combine it with my USERLIST or even another way that better like maybe using the Oracle User from the database itself?
6 Replies
The connection string should not be hard coded
It should either be loaded via a config filr
Or via system environment variables
How are you using the database? Via EF Core or Dapper? Something entirely different?
Probably ADO
The project uses Oracle DB, and I can infer that there's no password hashing, so it can't be anything but ADO lmao
The idea behind it is a "easy" document management system. My goal is to store the Data (such as .docx .txt ...) in a Volume on a Windows Server. The Metadata (such as DocumentID, Description, Path ...) will get stored in the Oracle Database (Oracle 19c). The Volume and Database are both installed on a VM (Windows Server 2022).
The "project" will not be used in real world its just fictional for me to improve programming and get some start with C# and WPF. Also I use Oracle SQL bc i want to get a better understanding of Oracle in general.
@Deno thanks for the answer i will from now on put the connection string in the app.config. I am pretty new so EF Core or Dapper doesnt tell me anything at the moment.
@Angius i wont use any hashing bc its not a productive software. Also ADO doesnt tell me anything either, thanks for the reply.
The one thing you need to know about Oracle, is that they have 20 lawyers for every developer and they make software like it's 1999
ADO is the "default" way of communicating with the database, with type-unsafe readers and looping over the data you got
Instead of mapping to objects etc
Regardless
Connection string should probably be stored either as a resource, or as some sort of a config file
You can't guarantee that whoever's going to be using it will have the database with same credentials and running at the same address, after all
Moreover, if you supply a password via the connection string, you most definitely should use a config file, that is not pushed to your VC
Hard coded connection strings are out of the question
Thanks for the help guys ❤️