encrypt string in the Web.Config file

Discussion in 'ASP .Net Web Services' started by Ken, Nov 15, 2004.

  1. Ken

    Ken Guest

    hi

    I want to encrypt the Connection String that is located in the Web.Config file

    How Can I do it?
     
    Ken, Nov 15, 2004
    #1
    1. Advertising

  2. Ken,
    If you encrypt the connection string, later you will only have to decrypt
    it. Which means somewhere you will need to store the key, and you are no
    more secure than when you started.

    It is not the same as encrypting (or hashing) a password - for that you only
    need to go one way. To verify the password later, you apply the same hash
    to the candidate password, and compare the hash of the known good password
    to the hash of the candidate password. If they match, then the user entered
    the correct password.

    But connection strings don't work the same way. You need the plaintext
    connection string to connect to the database. You cannot use a one-way hash
    of the connection string. So if you encrypt in in the store, you will need
    to decrypt it later.

    Don't despare! There are good options. For a discussion of them, please
    see this text:
    http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetlpMSDN.asp

    ....specifically , the chapter on data access security,
    http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch12.asp

    in short, the best recommendation is to use integrated security. But see
    the doc for a full discussion.

    -Dino

    --
    Dino Chiesa
    Microsoft Developer Division
    d i n o c h @ OmitThis . m i c r o s o f t . c o m


    "Ken" <> wrote in message
    news:...
    > hi
    >
    > I want to encrypt the Connection String that is located in the Web.Config
    > file
    >
    > How Can I do it?
     
    Dino Chiesa [Microsoft], Nov 18, 2004
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Henry
    Replies:
    3
    Views:
    24,169
    Henry
    Aug 4, 2004
  2. -Steve-
    Replies:
    0
    Views:
    367
    -Steve-
    Aug 18, 2006
  3. CSharpner
    Replies:
    0
    Views:
    1,132
    CSharpner
    Apr 9, 2007
  4. Replies:
    2
    Views:
    143
    Dominick Baier [DevelopMentor]
    Jun 10, 2006
  5. http://ejobseek.com

    Encrypt in Perl, De-encrypt in Javascript

    http://ejobseek.com, Sep 1, 2003, in forum: Perl Misc
    Replies:
    3
    Views:
    307
    James Willmore
    Sep 1, 2003
Loading...

Share This Page