K
Keith G Hicks
I added a page to my site (in a secure folder that only my login has access
to) that lets me (and only me) encrypt or decrypt the web.config at will.
Ok, so far so good.
What I don't understand is that if a hacker can get to my web.config,
certainly he could probably get to my encrypt/decrypt page and run the
decrypt button. If I delete that page from the site, so what? Anyone who
knows this stuff could put a similar page up there.
I really don't see the point of all of this. It seems like locking your
front door but leaving the key on a nail near the door knob. I must be
missign something. Can anyone shed some light on this for me? It seems so
full of holes.
Thanks,
Keith
to) that lets me (and only me) encrypt or decrypt the web.config at will.
Ok, so far so good.
What I don't understand is that if a hacker can get to my web.config,
certainly he could probably get to my encrypt/decrypt page and run the
decrypt button. If I delete that page from the site, so what? Anyone who
knows this stuff could put a similar page up there.
I really don't see the point of all of this. It seems like locking your
front door but leaving the key on a nail near the door knob. I must be
missign something. Can anyone shed some light on this for me? It seems so
full of holes.
Thanks,
Keith