Encrypting/Decrypting Connection String

Discussion in 'ASP .Net' started by VB Programmer, Nov 29, 2004.

  1. I have my SQL Server connectionstring in my web.config file. I'm scared
    that someone will open the file and get my username/password. How do I
    encrypt, then decrypt the connection string in the web.config file?
    VB Programmer, Nov 29, 2004
    #1
    1. Advertising

  2. User the DP API provided by Microsoft or use the .net crypto api which is
    included in the .net framework. Essentally, you will have to write a app
    that would encrypt this connection string, then copy and paste it in your
    web.config. Then you will have to implement a funciton in your code to
    decrypt the string.

    "VB Programmer" wrote:

    > I have my SQL Server connectionstring in my web.config file. I'm scared
    > that someone will open the file and get my username/password. How do I
    > encrypt, then decrypt the connection string in the web.config file?
    >
    >
    >
    =?Utf-8?B?VGFtcGEgLk5FVCBLb2Rlcg==?=, Nov 29, 2004
    #2
    1. Advertising

  3. One of the best techniques is to use a trusted connection. That way you
    don't need
    to list a username or password so there is nothing to hide.
    If this is not possible, you can alternately store the username and password
    encrypted
    in the registry.
    Here's more information:
    http://msdn.microsoft.com/library/d.../en-us/cpgenref/html/gngrfidentitysection.asp

    --
    I hope this helps,
    Steve C. Orr, MCSD, MVP
    http://Steve.Orr.net



    "VB Programmer" <Dont*NoSpam-Please*@jEmail.com> wrote in message
    news:...
    >I have my SQL Server connectionstring in my web.config file. I'm scared
    >that someone will open the file and get my username/password. How do I
    >encrypt, then decrypt the connection string in the web.config file?
    >
    Steve C. Orr [MVP, MCSD], Nov 29, 2004
    #3
  4. VB Programmer

    Sahil Malik Guest

    In addition to Steve's reply you might also find the following valuable -

    (How To Store an Encrypted Connection String in the Registry)
    http://msdn.microsoft.com/library/en-us/secmod/html/secmod25.asp?frame=true

    Might I add - there are mixed opinions about web apps accessing registry -
    some guys think it's cool, some think it's not. My personal view is - as far
    as security goes - that can be worked around in an acceptable manner - the
    one issue the above mentioned link doesn't address is - registry is
    SLOWWWWWWWW as a world war 2 tank !!!. (Like a WW2 tank .. it took a lot of
    cra~p).

    But then that can be worked around - it's easy - cache the connectionstring;
    and setup a dependency similiar to FileDependecy or SqlDependency; and bingo
    you just avoided the last argument against registry - performance.

    - Sahil Malik
    http://dotnetjunkies.com/weblog/sahilmalik




    "Steve C. Orr [MVP, MCSD]" <> wrote in message
    news:...
    > One of the best techniques is to use a trusted connection. That way you
    > don't need
    > to list a username or password so there is nothing to hide.
    > If this is not possible, you can alternately store the username and
    > password encrypted
    > in the registry.
    > Here's more information:
    > http://msdn.microsoft.com/library/d.../en-us/cpgenref/html/gngrfidentitysection.asp
    >
    > --
    > I hope this helps,
    > Steve C. Orr, MCSD, MVP
    > http://Steve.Orr.net
    >
    >
    >
    > "VB Programmer" <Dont*NoSpam-Please*@jEmail.com> wrote in message
    > news:...
    >>I have my SQL Server connectionstring in my web.config file. I'm scared
    >>that someone will open the file and get my username/password. How do I
    >>encrypt, then decrypt the connection string in the web.config file?
    >>

    >
    >
    Sahil Malik, Nov 30, 2004
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Marshall Dudley

    encrypting and decrypting with perl

    Marshall Dudley, Jan 27, 2005, in forum: Perl
    Replies:
    1
    Views:
    742
    Brian McCauley
    Jan 27, 2005
  2. Replies:
    35
    Views:
    50,846
    Chris Uppal
    Nov 9, 2005
  3. dfa_geko
    Replies:
    3
    Views:
    382
    dfa_geko
    Apr 6, 2007
  4. Andy Chau
    Replies:
    7
    Views:
    211
    Andy Chau
    Oct 5, 2003
  5. Anders
    Replies:
    0
    Views:
    98
    Anders
    Jun 12, 2005
Loading...

Share This Page