Re: connectionstring & web farm

3 is, by far the easiest. If you want to encrypt the string, which is wise,
you will have to use one machine to export the encryption keys. There are
pages on MSDN for encrypting connection strings on a web farm using the
built-in encryption.

You can encrypt separately on each machine, but you will have to encrypt
separately on each every time there is a change.

NOTE: In 2.0, you can put the connection strings in a separate file

Other alternatives
Global.asax - What? Are you high? - Global.asax is not secure if someone
compromises the code, so it really offers no security benefits. It is also
"hard coded" unless you put source on the web server. I would call
global.asax bad form.

Machine config is an decent option. It is a more attractive option if
multiple apps on the machine use the same connection string.

Registry is an option that is more secure than config, etc.

You can set up a web service to deliver configuration settings - unless you
are reusing the bits, this is overkill


--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA
http://gregorybeamer.spaces.live.com

*************************************************
Think outside the box!
*************************************************
"Jeff" <it_consultant1@xxxxxxxxxxxxxxxxxx> wrote in message
news:uXCcIzXDHHA.3600@xxxxxxxxxxxxxxxxxxxxxxx
Hey

ASP.NET 2.0

I'm preparing for a www.123assess.com test and in that intention I
yesterday took a skill assessment test at microsoft.com. Today I'm
reviewing some of the questions I had problems with:

One of the questions was about where the connections string should be
placed in a web farm configuration. In this scenario there were several
web applications which all are using the same connection string. The
connection string should in this scenario be placed in the most central
location possible. Below are the 4 alternative answers to the question:

These were the alternative answers:
#1: In each application's Global.asax
#2: In the Machine.config on one of the web servers
#3: In each application's Web.config file
#4: In the Machine.config file on each web server

I think alternative #4 is correct, but I'm not 100% sure about it.

any suggestions?

Jeff



.

Relevant Pages

  • Re: connectionstring & web farm
    ... Placing the connection string in Machine.config on every web ... you will have to use one machine to export the encryption keys. ... also "hard coded" unless you put source on the web server. ... Registry is an option that is more secure than config, ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Encrypting connection string in app.config
    ... In this case there's no web server involved. ... | Is there anyway to encrypt the connection string using an algorithm ... but is there a way to use that to encrypt the connection ...
    (microsoft.public.dotnet.security)
  • Re: Encryption of Connection String
    ... SSL or IPSEC to secure the connection between the Web Server ... > If the connection string is for the session state server, ... Use the ASP.NET Utility to Encrypt Credentials and Session ...
    (microsoft.public.sqlserver.security)
  • Re: Encryption of Connection String
    ... Do you know what level of encryption IS applied to the connection string? ... > to the SQL Server via SQL authentication the password is only ... Thus you might have made all this effort to encrypt the ... > Authentication is always the preferred option unless you are using ...
    (microsoft.public.sqlserver.security)
  • ConnectionString encryption decryption
    ... Decrypt function used to encrypt and decrypt the connection string pass to ... at System.EnterpriseServices.Thunk.Proxy.CoCreateObject(Type serverType, ...
    (microsoft.public.dotnet.general)