Re: Encrypt sqlconnectionstring on XML files

I see your point. Okay, here is my take on that information. It is going
overboard. There is such a thing as too much security and Microsoft likes
to place all information in an envelop, which is placed in a box, wrapped
with a chain and a pad lock, placed in a safety deposit box in a bank, where
the entire bank itself is placed in a mile thick vault, finally dumped in
the deepest part of the ocean.

You don't what to expose passwords, but if you just use a trusted connection
then securing it is not really important. The name of the database is not
secret, in my opinion.

If you still need to encrypt the information, this article might get you
started --
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT09.asp.



"Luis Esteban Valencia" <levalencia@xxxxxxxxxxxx> wrote in message
news:e8LnxlAhFHA.3448@xxxxxxxxxxxxxxxxxxxxxxx
> Read this.
>
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/AppArchCh3.asp
> on the configuration section they dont recommend to put connection strings
> on XML configuration files. So where to put them? How to deploy them to
the
> customer??
>
>
> "Peter Rilling" <peter@xxxxxxxxxxxxxxxxxx> escribió en el mensaje
> news:uangkYAhFHA.1416@xxxxxxxxxxxxxxxxxxxxxxx
> > Why would you need to encrypt the connection string? If you use a
trusted
> > connection (meaning now username and password is stored in the string),
> then
> > there is no private information that needs to be encrypted.
> >
> > "Luis Esteban Valencia" <levalencia@xxxxxxxxxxxx> wrote in message
> > news:eb7dVUAhFHA.1052@xxxxxxxxxxxxxxxxxxxxxxx
> > >
> > >
> > >
> > > Hello I want to encrypt the sqlconenction string on the xml
> > > configuration files.
> > >
> > > The problem is the following
> > > I have an application at my company that accesses a sql server
> local
> > > database. this database connection string is in a file called
> appconf.xml
> > > in my class library called DataAccessLogicLayer.
> > >
> > > If I encrypt the connection string what should I do when I
deploy
> to
> > > customer? how should they change the connection string if that XML
file
> is
> > > encryped.
> > >
> > >
> > >
> >
> >
>
>


.

Relevant Pages

  • Re: Encrypt sqlconnectionstring on XML files
    ... on XML configuration files. ... > Why would you need to encrypt the connection string? ... >> Hello I want to encrypt the sqlconenction string on the xml ...
    (microsoft.public.dotnet.framework.aspnet)
  • SQL connection string security (Summary, I think)
    ... Security through obscurity is a horrible concept, and you are correct that eventually someone will find it. ... And again, noting the most common bugs/exploits in web-servers tend to be file disclosure problems, my basic premise remains intact, keep the connection string out of the file-system. ... I'm telling you from experience that if you use standard SQL Server security ... > Now, the "shell game" thing. ...
    (Focus-Microsoft)
  • RE: SQL connection string security (Summary, I think)
    ... Integrated authentication to SQL server is much better. ... So that rules out doing security that way. ... keep the connection string out of the file-system. ...
    (Focus-Microsoft)
  • Re: Encryption of Connection String
    ... Do you know what level of encryption IS applied to the connection string? ... > to the SQL Server via SQL authentication the password is only ... Thus you might have made all this effort to encrypt the ... > Authentication is always the preferred option unless you are using ...
    (microsoft.public.sqlserver.security)
  • ConnectionString encryption decryption
    ... Decrypt function used to encrypt and decrypt the connection string pass to ... at System.EnterpriseServices.Thunk.Proxy.CoCreateObject(Type serverType, ...
    (microsoft.public.dotnet.general)