Encrypting/Decrypting Connection String

V

VB Programmer

I have my SQL Server connectionstring in my web.config file. I'm scared
that someone will open the file and get my username/password. How do I
encrypt, then decrypt the connection string in the web.config file?
 
G

Guest

User the DP API provided by Microsoft or use the .net crypto api which is
included in the .net framework. Essentally, you will have to write a app
that would encrypt this connection string, then copy and paste it in your
web.config. Then you will have to implement a funciton in your code to
decrypt the string.
 
S

Sahil Malik

In addition to Steve's reply you might also find the following valuable -

(How To Store an Encrypted Connection String in the Registry)
http://msdn.microsoft.com/library/en-us/secmod/html/secmod25.asp?frame=true

Might I add - there are mixed opinions about web apps accessing registry -
some guys think it's cool, some think it's not. My personal view is - as far
as security goes - that can be worked around in an acceptable manner - the
one issue the above mentioned link doesn't address is - registry is
SLOWWWWWWWW as a world war 2 tank !!!. (Like a WW2 tank .. it took a lot of
cra~p).

But then that can be worked around - it's easy - cache the connectionstring;
and setup a dependency similiar to FileDependecy or SqlDependency; and bingo
you just avoided the last argument against registry - performance.

- Sahil Malik
http://dotnetjunkies.com/weblog/sahilmalik
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,903
Latest member
orderPeak8CBDGummies

Latest Threads

Top