Re: Encrypted Connection String and Security....Quick Question

On Feb 5, 2:18 am, "Eliyahu Goldin"
<REMOVEALLCAPITALSeEgGoldD...@xxxxxxxxxxxx> wrote:
Why don't you put the encrypted string straight into the web.config before
uploading?

--
Eliyahu Goldin,
Software Developer & Consultant
Microsoft MVP [ASP.NET]http://msmvps.com/blogs/egoldin

"Ranginald" <davidw...@xxxxxxxxx> wrote in message

news:1170649747.955294.142490@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

Hi,

Assume I have an asp.net/sql server 2000 web app in a shared hosting
environment. I then encrypt the connection string using
ProtectSection("DataProtectionConfigurationProvider") in the page load
of my default.aspx page.

Am I understanding the following concepts then correctly?

1. I upload the site to the shared hosting server.
2. The first time I run the app eg.www.whatever.com/default.aspx,
the ProtectSection method above is executed.
3. Now the conn string area of my web.config is encrypted, and
asp.net will decrypt as needed.

4. If someone were to hack the server and view the web.config --
whether via getting into the server or via ftp, they would see an
encrypted connection string.

Thanks very much!

I would do that but then I'd have to, as far as I know, encrypt it on
the local machine and then export the key. I have no command prompt
access on the shared hosting server, and from all I've read (msdn.
forums, articles, etc) the above way looks to be the most straight
forward.

Are the steps that I outlined correct, though?

Thanks!

.

Relevant Pages

  • Re: Encryption of Connection String
    ... Do you know what level of encryption IS applied to the connection string? ... > to the SQL Server via SQL authentication the password is only ... Thus you might have made all this effort to encrypt the ... > Authentication is always the preferred option unless you are using ...
    (microsoft.public.sqlserver.security)
  • ConnectionString encryption decryption
    ... Decrypt function used to encrypt and decrypt the connection string pass to ... at System.EnterpriseServices.Thunk.Proxy.CoCreateObject(Type serverType, ...
    (microsoft.public.dotnet.general)
  • Re: Help Encrypting Connection String
    ... but I have to do it on SQL Server instead of SQL ... If I'm retrieving the connection string in my own code, ... > in 2.0 you can encrypt nearly all config section out of the box using the ... >> the config file, but .NET 2.0 has more options. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Re: connectionstring & web farm
    ... You can encrypt separately on each machine, but you will have to encrypt ... "hard coded" unless you put source on the web server. ... Registry is an option that is more secure than config, ... web applications which all are using the same connection string. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Encrypt sqlconnectionstring on XML files
    ... There is such a thing as too much security and Microsoft likes ... If you still need to encrypt the information, ... > on XML configuration files. ... >> Why would you need to encrypt the connection string? ...
    (microsoft.public.dotnet.framework.aspnet)