Encrypted Connection String

S

Scott M.

How would I go about taking my DB connection strings and putting them into
my Web.Config file in encrypted form? Of course, I'd need to know how to
call and decrypt them from the various .aspx pages that need the info.

Thanks!
 
M

MSFT

Hi Scott,

Normmally, the client user can't access the web.config and we can consider
the connection string is safe without encryption. If you do want to encrypt
a string in web.config, you may take a look at classes in
System.Security.Cryptography Namespace:

http://msdn.microsoft.com/library/default.asp?url=/library/en-us/cpref/html/
frlrfSystemSecurityCryptography.asp

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)
 
S

Scott M.

Hi Luke. Thanks for your reply. The link you posted will be helpful. The
only comment I have is that "normally" the client user can't get the the
source code of the ASP.NET page either, but we don't consider putting
connection strings in them a safe thing to do so encryptioin AND using
web.config gives us a second and third line of defense.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Encrypted Connections Strings not safe in memory? 1
ASP.NET 2.0 Encrypted Connection String 1
Inheritance and the "is-A" connection 1
Encrypted Connection String and Security....Quick Question 2
Encrypted URL 3
Beginner's Guide to getting CipherSweet working with PDO and MYSQL 1
connection string for membership provider 0
Encrypted and Decrypted Conn String Programatically 5

Members online

No members online now.
Total: 35 (members: 0, guests: 35)
Robots: 183

Forum statistics

Threads
473,764
Messages
2,569,564
Members
45,039
Latest member
CasimiraVa

Latest Threads

Top