Encrypted Connection String and Security....Quick Question
- From: "Ranginald" <davidwank@xxxxxxxxx>
- Date: 4 Feb 2007 20:29:08 -0800
Hi,
Assume I have an asp.net/sql server 2000 web app in a shared hosting
environment. I then encrypt the connection string using
ProtectSection("DataProtectionConfigurationProvider") in the page load
of my default.aspx page.
Am I understanding the following concepts then correctly?
1. I upload the site to the shared hosting server.
2. The first time I run the app eg. www.whatever.com/default.aspx,
the ProtectSection method above is executed.
3. Now the conn string area of my web.config is encrypted, and
asp.net will decrypt as needed.
4. If someone were to hack the server and view the web.config --
whether via getting into the server or via ftp, they would see an
encrypted connection string.
Thanks very much!
.
- Follow-Ups:
- Re: Encrypted Connection String and Security....Quick Question
- From: Eliyahu Goldin
- Re: Encrypted Connection String and Security....Quick Question
- Prev by Date: Re: ERROR: Provider Management - Could not establish a connection to t
- Next by Date: IsSecureConnection with Load Balancer
- Previous by thread: Re: ERROR: Provider Management - Could not establish a connection to t
- Next by thread: Re: Encrypted Connection String and Security....Quick Question
- Index(es):
Relevant Pages
|
Loading
