Re: connectionstring & web farm

The page I was thinking about is
http://msdn2.microsoft.com/en-us/library/bf7sd233.aspx (note the
Configurable locations that states where this section is allowed).

As for the other quesrion I would say it depends. I would put it at the most
global location where it is needed (that is web.config if this is
application specific, perhaps machine.config if used in multiple
applications from the same machine).

--
Patrice

"Jeff" <it_consultant1@xxxxxxxxxxxxxxxxxx> a écrit dans le message de news:
OrfvroYDHHA.996@xxxxxxxxxxxxxxxxxxxxxxx
Thanks, the scenario used in this question was a web farm configuration (3
web servers) running multiple web applications and all these web
applications are using the same connection string. The question didn't
mention anything about encryption.

I think it's alternative #2 or #4. In my opinion it's #4 (but I've been
wrong before, and can easly be wrong on this also... lol) because as far
as I know all the machines in the web farm need to have the connection
string. Placing the connection string in Machine.config on every web
server can from what I understanding solve it.. If placed in a web.config
file, then the connection string need to added to every web.config file
for every web application on every web server.

any comments?


"Cowboy (Gregory A. Beamer)" <NoSpamMgbworld@xxxxxxxxxxxxxxxxxx> wrote in
message news:e3lHiVYDHHA.1224@xxxxxxxxxxxxxxxxxxxxxxx
3 is, by far the easiest. If you want to encrypt the string, which is
wise, you will have to use one machine to export the encryption keys.
There are pages on MSDN for encrypting connection strings on a web farm
using the built-in encryption.

You can encrypt separately on each machine, but you will have to encrypt
separately on each every time there is a change.

NOTE: In 2.0, you can put the connection strings in a separate file

Other alternatives
Global.asax - What? Are you high? - Global.asax is not secure if someone
compromises the code, so it really offers no security benefits. It is
also "hard coded" unless you put source on the web server. I would call
global.asax bad form.

Machine config is an decent option. It is a more attractive option if
multiple apps on the machine use the same connection string.

Registry is an option that is more secure than config, etc.

You can set up a web service to deliver configuration settings - unless
you are reusing the bits, this is overkill


--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*************************************************
Think outside the box!
*************************************************
"Jeff" <it_consultant1@xxxxxxxxxxxxxxxxxx> wrote in message
news:uXCcIzXDHHA.3600@xxxxxxxxxxxxxxxxxxxxxxx
Hey

ASP.NET 2.0

I'm preparing for a www.123assess.com test and in that intention I
yesterday took a skill assessment test at microsoft.com. Today I'm
reviewing some of the questions I had problems with:

One of the questions was about where the connections string should be
placed in a web farm configuration. In this scenario there were several
web applications which all are using the same connection string. The
connection string should in this scenario be placed in the most central
location possible. Below are the 4 alternative answers to the question:

These were the alternative answers:
#1: In each application's Global.asax
#2: In the Machine.config on one of the web servers
#3: In each application's Web.config file
#4: In the Machine.config file on each web server

I think alternative #4 is correct, but I'm not 100% sure about it.

any suggestions?

Jeff







.

Relevant Pages

  • Re: Help Encrypting Connection String
    ... I have simply 'overridden' the LocalSqlServer connection string to point to my SQL Server DB. ... to encrypt the section and places it into web.config - the config file then refers to the reg key. ... I don't like to hardcode anything, in general, but I'd rather do that with an encryption key than the underlying data itself. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: Help Encrypting Connection String
    ... there is a command line tool called aspnet_regiis that can do the encryption. ... It also looks like DPAPI uses a machine specific key, ... I have simply 'overridden' the LocalSqlServer connection string to point to my SQL Server DB. ... There are a lot of wrappers out there, e.g. http://www.leastprivilege.com/DPAPITools.aspx the tool you are referring to is called aspnet_setreg - it uses DPAPI to encrypt the section and places it into web.config - the config file then refers to the reg key. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: connectionstring & web farm
    ... You can encrypt separately on each machine, but you will have to encrypt ... "hard coded" unless you put source on the web server. ... Registry is an option that is more secure than config, ... web applications which all are using the same connection string. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Help encrypt conn string - no ASP, no server, cant protect keys, cant use Windows Authentica
    ... per machine DPAPI encryption of the connection string is probably ... Co-author of "The .NET Developer's Guide to Directory Services Programming" ... The database has been encoded and password ...
    (microsoft.public.dotnet.security)
  • Re: connectionstring & web farm
    ... the scenario used in this question was a web farm configuration (3 ... I know all the machines in the web farm need to have the connection string. ... Placing the connection string in Machine.config on every web server can from ...
    (microsoft.public.dotnet.framework.aspnet)