K
Ken
hi
I want to encrypt the Connection String that is located in the Web.Config file
How Can I do it?
I want to encrypt the Connection String that is located in the Web.Config file
How Can I do it?
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
D
Dino Chiesa [Microsoft]
Ken,
If you encrypt the connection string, later you will only have to decrypt
it. Which means somewhere you will need to store the key, and you are no
more secure than when you started.
It is not the same as encrypting (or hashing) a password - for that you only
need to go one way. To verify the password later, you apply the same hash
to the candidate password, and compare the hash of the known good password
to the hash of the candidate password. If they match, then the user entered
the correct password.
But connection strings don't work the same way. You need the plaintext
connection string to connect to the database. You cannot use a one-way hash
of the connection string. So if you encrypt in in the store, you will need
to decrypt it later.
Don't despare! There are good options. For a discussion of them, please
see this text:
http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetlpMSDN.asp
....specifically , the chapter on data access security,
http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch12.asp
in short, the best recommendation is to use integrated security. But see
the doc for a full discussion.
-Dino
If you encrypt the connection string, later you will only have to decrypt
it. Which means somewhere you will need to store the key, and you are no
more secure than when you started.
It is not the same as encrypting (or hashing) a password - for that you only
need to go one way. To verify the password later, you apply the same hash
to the candidate password, and compare the hash of the known good password
to the hash of the candidate password. If they match, then the user entered
the correct password.
But connection strings don't work the same way. You need the plaintext
connection string to connect to the database. You cannot use a one-way hash
of the connection string. So if you encrypt in in the store, you will need
to decrypt it later.
Don't despare! There are good options. For a discussion of them, please
see this text:
http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetlpMSDN.asp
....specifically , the chapter on data access security,
http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch12.asp
in short, the best recommendation is to use integrated security. But see
the doc for a full discussion.
-Dino
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.
Forum statistics
Latest Threads
-
Can I stop HTTPS?
- Started by IBMJunkman
-
Stephanie Beaudeau Emsworth is Running a Prostitution Ring
- Started by verona
-
Reverse search for a website
- Started by DRCM
-
What are the key advantages of using a SaaS (Software as a Service) model for application development?
- Started by remotedevelopers
-
How to build a database-driven web page
- Started by av3mar1a153
-
Hola
- Started by luuciefer
-
Using a DTSX file with GoDaddy
- Started by IBMJunkman