假设WPF应用程序被多个用户使用，则可以安全保存app.config文件中的连接字符串?

Assuming that WPF app is used by multiple users is it safe to save connection string in app.config file?

恕我直言，以纯文本存储连接字符串永远都不安全.用户可以连接到应用程序外部的数据库，并对您的数据库造成严重破坏，这是绝对正确的.

IMHO, it is never safe to store connection string in plain text. You're absolutely correct that users can connect to the database outside of your application and cause some serious damage to your database.

我想到的一些事情是:

• 加密连接字符串，并使用它而不是存储未加密的连接字符串.
• 使用基于Azure AD的访问控制.最近，Azure团队宣布可以使用Azure AD凭据连接到SQL数据库.这样，您可以在用户连接到数据库之前对其进行身份验证.您可以在此处了解更多信息: https://azure.microsoft.com/zh-CN/documentation/articles/sql-database-aad-authentication/.

• Encrypt the connection string and use that instead of storing connection string unencrypted.
• Use Azure AD based access control. Recently Azure team announced availability of connecting to a SQL Database using Azure AD credentials. This way you can authenticate the users before they connect to your database. You can read more about it here: https://azure.microsoft.com/en-in/documentation/articles/sql-database-aad-authentication/.

您可能还会发现以下文章对保护Azure SQL数据库很有用: https://azure.microsoft.com/en-us/documentation/articles/sql-database-security-guidelines/.

You may also find the following article useful in securing your Azure SQL Database: https://azure.microsoft.com/en-us/documentation/articles/sql-database-security-guidelines/.