Re: Encrypting/Decrypting Connection String

From: Sahil Malik (contactmethrumyblog_at_nospam.com)
Date: 11/30/04

Next message: Michelle Hlaing: "Re: do you know how i to create events dynamicaly?"
Previous message: Patrick.O.Ige: "RE: Capture the file path"
In reply to: Steve C. Orr [MVP, MCSD]: "Re: Encrypting/Decrypting Connection String"
Messages sorted by: [ date ] [ thread ]

Date: Tue, 30 Nov 2004 01:08:06 -0500

In addition to Steve's reply you might also find the following valuable -

(How To Store an Encrypted Connection String in the Registry)
http://msdn.microsoft.com/library/en-us/secmod/html/secmod25.asp?frame=true

Might I add - there are mixed opinions about web apps accessing registry -
some guys think it's cool, some think it's not. My personal view is - as far
as security goes - that can be worked around in an acceptable manner - the
one issue the above mentioned link doesn't address is - registry is
SLOWWWWWWWW as a world war 2 tank !!!. (Like a WW2 tank .. it took a lot of
cra~p).

But then that can be worked around - it's easy - cache the connectionstring;
and setup a dependency similiar to FileDependecy or SqlDependency; and bingo
you just avoided the last argument against registry - performance.

- Sahil Malik
http://dotnetjunkies.com/weblog/sahilmalik

"Steve C. Orr [MVP, MCSD]" <Steve@Orr.net> wrote in message
news:eARRbil1EHA.4004@tk2msftngp13.phx.gbl...
> One of the best techniques is to use a trusted connection. That way you
> don't need
> to list a username or password so there is nothing to hide.
> If this is not possible, you can alternately store the username and
> password encrypted
> in the registry.
> Here's more information:
> http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpgenref/html/gngrfidentitysection.asp
>
> --
> I hope this helps,
> Steve C. Orr, MCSD, MVP
> http://Steve.Orr.net
>
>
>
> "VB Programmer" <Dont*NoSpam-Please*@jEmail.com> wrote in message
> news:e0cZmjk1EHA.3408@tk2msftngp13.phx.gbl...
>>I have my SQL Server connectionstring in my web.config file. I'm scared
>>that someone will open the file and get my username/password. How do I
>>encrypt, then decrypt the connection string in the web.config file?
>>
>
>

Next message: Michelle Hlaing: "Re: do you know how i to create events dynamicaly?"
Previous message: Patrick.O.Ige: "RE: Capture the file path"
In reply to: Steve C. Orr [MVP, MCSD]: "Re: Encrypting/Decrypting Connection String"
Messages sorted by: [ date ] [ thread ]

Relevant Pages

Re: Encrypting/Decrypting Connection String
... (How To Store an Encrypted Connection String in the Registry) ... Might I add - there are mixed opinions about web apps accessing registry - ... >>encrypt, then decrypt the connection string in the web.config file? ...
(microsoft.public.dotnet.framework.adonet)
RE: Windows 2000 RRAS and ipSEC /L2TP VPN
... How to Configure a L2TP/IPSec Connection Using Pre-shared Key Authentication ... This article contains information about modifying the registry. ... , Windows 2000 is compliant with IKE RFC ...
(microsoft.public.win2000.networking)
Re: Clients not able to ftp
... I already have a EnableRSS record in my registry. ... FTP site from command line but cannot access it from IE after you install ... for the connection and the hardware hash code for the connection do not ... Microsoft CSS Online Newsgroup Support ...
(microsoft.public.windows.server.sbs)
RE: Problems to create a new internet conection
... You Cannot Create a Network Connection After You Restore Windows XP ... This article contains information about modifying the registry. ... You cannot create a remote access or Dial-Up Networking connection. ...
(microsoft.public.windowsxp.help_and_support)
Java Web Services issue
... When I attempt to publish into the registry, ... Created connection to registry ... Found classification ... Exception exception = null; ...
(comp.lang.java.programmer)