Encrypted Connection String

Discussion in 'ASP .Net Security' started by Scott M., Dec 14, 2003.

  1. Scott M.

    Scott M. Guest

    How would I go about taking my DB connection strings and putting them into
    my Web.Config file in encrypted form? Of course, I'd need to know how to
    call and decrypt them from the various .aspx pages that need the info.

    Thanks!
    Scott M., Dec 14, 2003
    #1
    1. Advertising

  2. Scott M.

    MSFT Guest

    Hi Scott,

    Normmally, the client user can't access the web.config and we can consider
    the connection string is safe without encryption. If you do want to encrypt
    a string in web.config, you may take a look at classes in
    System.Security.Cryptography Namespace:

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/
    frlrfSystemSecurityCryptography.asp

    Luke
    Microsoft Online Support

    Get Secure! www.microsoft.com/security
    (This posting is provided "AS IS", with no warranties, and confers no
    rights.)
    MSFT, Dec 15, 2003
    #2
    1. Advertising

  3. Scott M.

    Scott M. Guest

    Hi Luke. Thanks for your reply. The link you posted will be helpful. The
    only comment I have is that "normally" the client user can't get the the
    source code of the ASP.NET page either, but we don't consider putting
    connection strings in them a safe thing to do so encryptioin AND using
    web.config gives us a second and third line of defense.



    "MSFT" <> wrote in message
    news:...
    > Hi Scott,
    >
    > Normmally, the client user can't access the web.config and we can

    consider
    > the connection string is safe without encryption. If you do want to

    encrypt
    > a string in web.config, you may take a look at classes in
    > System.Security.Cryptography Namespace:
    >
    >

    http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/
    > frlrfSystemSecurityCryptography.asp
    >
    > Luke
    > Microsoft Online Support
    >
    > Get Secure! www.microsoft.com/security
    > (This posting is provided "AS IS", with no warranties, and confers no
    > rights.)
    >
    Scott M., Dec 15, 2003
    #3
  4. Scott M.

    Guest Guest

    The November issue of MSDN magazine has an article on this
    topic.
    >-----Original Message-----
    >Hi Luke. Thanks for your reply. The link you posted

    will be helpful. The
    >only comment I have is that "normally" the client user

    can't get the the
    >source code of the ASP.NET page either, but we don't

    consider putting
    >connection strings in them a safe thing to do so

    encryptioin AND using
    >web.config gives us a second and third line of defense.
    >
    >
    >
    >"MSFT" <> wrote in message
    >news:...
    >> Hi Scott,
    >>
    >> Normmally, the client user can't access the web.config

    and we can
    >consider
    >> the connection string is safe without encryption. If

    you do want to
    >encrypt
    >> a string in web.config, you may take a look at classes

    in
    >> System.Security.Cryptography Namespace:
    >>
    >>

    >http://msdn.microsoft.com/library/default.asp?

    url=/library/en-us/cpref/html/
    >> frlrfSystemSecurityCryptography.asp
    >>
    >> Luke
    >> Microsoft Online Support
    >>
    >> Get Secure! www.microsoft.com/security
    >> (This posting is provided "AS IS", with no warranties,

    and confers no
    >> rights.)
    >>

    >
    >
    >.
    >
    Guest, Dec 15, 2003
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Alek Davis

    Using encrypted dB connection string

    Alek Davis, May 21, 2004, in forum: ASP .Net
    Replies:
    12
    Views:
    2,909
    Alek Davis
    Jun 3, 2004
  2. Ranginald
    Replies:
    2
    Views:
    423
    Ranginald
    Feb 6, 2007
  3. Phil C.
    Replies:
    8
    Views:
    187
    charlestek
    Mar 17, 2005
  4. JohnMSyrasoft

    ASP.NET 2.0 Encrypted Connection String

    JohnMSyrasoft, Apr 12, 2005, in forum: ASP .Net Security
    Replies:
    1
    Views:
    232
    Brock Allen
    Apr 12, 2005
  5. Morfys
    Replies:
    1
    Views:
    126
    Gunnar Hjalmarsson
    Jun 17, 2007
Loading...

Share This Page