encrypting SQL server connection string in web.config

Discussion in 'ASP .Net Security' started by VR, Sep 7, 2003.

  1. VR

    VR Guest

    In my web.config I am storing a connection string to SQL
    server, along with password and user name. My goal is to
    somehow encrypt the string so it wouldn't be in clear text.

    From my understanding I cannot use the one-way algorithms,
    like MD5 or SHA1, since I'll have to decrypt the
    connection string I read from the file.

    Therefore, I tried using DES (symmetrical algorithm). The
    problem I might be having is that the encrypted version of
    the string consists of bytes with values from 0..255, so
    it doesn't map very well into ASCII, and therefore, I
    can't reliably store it in web.config file.

    Are there symmetrical algorithms that produce ASCII hash?
    Or am I doing the whole thing wrong?

    Thanks in advance for any help.

    VR
     
    VR, Sep 7, 2003
    #1
    1. Advertising

  2. Hi Victor,

    I understand that you need other symmetrical algorithms to produce ASCII
    hash. I will do some research for you and will get back to you with my
    findings.

    Best regards,
    Lewis
    This posting is provided "AS IS" with no warranties, and confers no rights.

    --------------------
    | Content-Class: urn:content-classes:message
    | From: "VR" <>
    | Sender: "VR" <>
    | Subject: encrypting SQL server connection string in web.config
    | Date: Sun, 7 Sep 2003 14:48:20 -0700
    | Lines: 20
    | Message-ID: <349d01c37589$c108e1e0$>
    | MIME-Version: 1.0
    | Content-Type: text/plain;
    | charset="iso-8859-1"
    | Content-Transfer-Encoding: 7bit
    | X-Newsreader: Microsoft CDO for Windows 2000
    | X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4910.0300
    | Thread-Index: AcN1icEGkZh7rJSHSomDe3N47YsQqw==
    | Newsgroups: microsoft.public.dotnet.framework.aspnet.security
    | Path: cpmsftngxa06.phx.gbl
    | Xref: cpmsftngxa06.phx.gbl
    microsoft.public.dotnet.framework.aspnet.security:6575
    | NNTP-Posting-Host: TK2MSFTNGXA09 10.40.1.161
    | X-Tomcat-NG: microsoft.public.dotnet.framework.aspnet.security
    |
    | In my web.config I am storing a connection string to SQL
    | server, along with password and user name. My goal is to
    | somehow encrypt the string so it wouldn't be in clear text.
    |
    | From my understanding I cannot use the one-way algorithms,
    | like MD5 or SHA1, since I'll have to decrypt the
    | connection string I read from the file.
    |
    | Therefore, I tried using DES (symmetrical algorithm). The
    | problem I might be having is that the encrypted version of
    | the string consists of bytes with values from 0..255, so
    | it doesn't map very well into ASCII, and therefore, I
    | can't reliably store it in web.config file.
    |
    | Are there symmetrical algorithms that produce ASCII hash?
    | Or am I doing the whole thing wrong?
    |
    | Thanks in advance for any help.
    |
    | VR
    |
     
    Lewis Wang [MSFT], Sep 9, 2003
    #2
    1. Advertising

  3. VR

    ryan_fagan Guest

    I use this class to map my encrypted values to hex which store well in ASCII format:


    /// <summary>
    /// Summary description for Hex.
    /// </summary>
    public class Hex
    {
    private Hex()
    {
    //
    // TODO: Add constructor logic here
    //
    }

    public static string ByteArrayToHexString(byte[] bytes)
    {
    StringBuilder hexString = new StringBuilder();
    for (int i = 0; i < bytes.Length; i++)
    {
    hexString.Append(bytes.ToString("X2"));
    }
    return hexString.ToString();
    }

    public static byte[] HexStringToByteArray(string hexString)
    {
    byte[] bytes = new byte[hexString.Length / 2];
    for (int i = 0; i < hexString.Length / 2; i++)
    {
    string hexChar = hexString[i*2].ToString() + hexString[i*2 + 1].ToString();
    bytes = Byte.Parse(hexChar, System.Globalization.NumberStyles.HexNumber);
    }
    return bytes;
    }

    }
     
    ryan_fagan, Sep 9, 2003
    #3
  4. VR

    Alek Davis Guest

    VR,

    Check out this tool, it can help you do exactly what you want:
    http://www.obviex.com/cipherlite/.

    --
    Alek

    "VR" <> wrote in message
    news:349d01c37589$c108e1e0$...
    > In my web.config I am storing a connection string to SQL
    > server, along with password and user name. My goal is to
    > somehow encrypt the string so it wouldn't be in clear text.
    >
    > From my understanding I cannot use the one-way algorithms,
    > like MD5 or SHA1, since I'll have to decrypt the
    > connection string I read from the file.
    >
    > Therefore, I tried using DES (symmetrical algorithm). The
    > problem I might be having is that the encrypted version of
    > the string consists of bytes with values from 0..255, so
    > it doesn't map very well into ASCII, and therefore, I
    > can't reliably store it in web.config file.
    >
    > Are there symmetrical algorithms that produce ASCII hash?
    > Or am I doing the whole thing wrong?
    >
    > Thanks in advance for any help.
    >
    > VR
     
    Alek Davis, Sep 9, 2003
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Michelle A.
    Replies:
    0
    Views:
    576
    Michelle A.
    Aug 20, 2003
  2. VB Programmer

    Encrypting/Decrypting Connection String

    VB Programmer, Nov 29, 2004, in forum: ASP .Net
    Replies:
    3
    Views:
    7,663
    Sahil Malik
    Nov 30, 2004
  3. Replies:
    3
    Views:
    866
    Samuel R. Neff
    Aug 3, 2007
  4. Ollie Riches
    Replies:
    1
    Views:
    1,690
    Gregory A. Beamer
    Dec 4, 2008
  5. FlyFishGuy

    Help Encrypting Connection String

    FlyFishGuy, Jan 6, 2006, in forum: ASP .Net Security
    Replies:
    9
    Views:
    186
    FlyFishGuy
    Jan 8, 2006
Loading...

Share This Page