Secure connection to database

Discussion in 'ASP .Net' started by Fariba, Mar 30, 2006.

  1. Fariba

    Fariba Guest

    Hello All,

    I have an ASP.NET application hosted in IIS 6.0 which talks to a database
    in another DMZ (with a firewall installed in between). I know that I can encrypt
    and decrypt my connection string into the web server's registry instead of plain
    text in web.config, but I was just thinking that once the app wants to talk
    to the database, does it send the connection string in plain text again, or do I
    have to take extra steps to secure that too? Could you please guide me to a
    good article explaining this?

    Thanks a lot
    Fariba, Mar 30, 2006
    #1

  2. Fariba

    Bruce Barker Guest

    depends on the database and what is in the connection string. some databases
    (say sqlserver) can be configured to connect over ssl, or can't. also is the
    username/password in the connect string?

    also when you open the firewall for IIS to talk to the database, you might
    only allow point to point, and pick a custom port.

    -- bruce (sqlwork.com)
    Bruce Barker, Mar 30, 2006
    #2

  3. Fariba

    Fariba Guest

    Hi Bruce,

    Database is SQL Server. Username and password are in the connection string.
    Could you please elaborate more on this:
    > also when you open the firewall for IIS to talk to the database, you might
    > only allow point to point, and pick a custom port.



    Thanks a lot for your nice reply.
    Fariba, Mar 31, 2006
    #3
  4. Fariba

    Joerg Jooss Guest

    Thus wrote Fariba,

    > Hello All,
    >
    > I have an ASP.NET application hosted in IIS 6.0 which talks to a
    > database in another DMZ (with a firewall installed in between). I know
    > that I can encrypt and decrypt my connection string into the web server's
    > registry instead of plain text in web.config, but I was just thinking
    > that once the app wants to talk to the database, does it send the
    > connection string in plain text again, or do I have to take extra steps to
    > secure that too? Could you please guide me to a good article
    > explaining this?


    See http://msdn.microsoft.com/practices...l=/library/en-us/dnnetsec/html/SecNetch12.asp

    Cheers,
    --
    Joerg Jooss
    Joerg Jooss, Mar 31, 2006
    #4
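
For the setup described in this thread (SQL Server, SQL login in the connection string, custom port through the firewall), one way to force an encrypted session from the ASP.NET side and confirm it from the server's point of view. This is an added example, not code posted by anyone in the thread. The host name, port, database and login are placeholders, and it assumes the SQL Server has a certificate the web server trusts and that the login has VIEW SERVER STATE.

```csharp
// Added example; not code from the thread. Host, port, database and login are placeholders.
using System;
using System.Data.SqlClient;

static class EncryptedDbConnection
{
    // Override whatever the stored (decrypted) connection string says:
    // always request TLS and never skip server certificate validation.
    public static string Harden(string storedConnectionString)
    {
        var builder = new SqlConnectionStringBuilder(storedConnectionString);
        builder.Encrypt = true;                  // request TLS for the whole session
        builder.TrustServerCertificate = false;  // validate the server certificate
        return builder.ConnectionString;
    }

    // Ask the server how it sees the current session.
    // sys.dm_exec_connections needs VIEW SERVER STATE (assumed granted here).
    public static bool SessionIsEncrypted(SqlConnection openConnection)
    {
        const string sql =
            "SELECT encrypt_option FROM sys.dm_exec_connections " +
            "WHERE session_id = @@SPID";
        using (var cmd = new SqlCommand(sql, openConnection))
        {
            var value = cmd.ExecuteScalar() as string;
            return string.Equals(value, "TRUE", StringComparison.OrdinalIgnoreCase);
        }
    }

    static void Main()
    {
        // Placeholder string; in the thread's setup this would come from the
        // encrypted registry value rather than from source code.
        string stored = "Data Source=db.example.internal,14330;" +
                        "Initial Catalog=AppDb;User ID=app_user;Password=REPLACE_ME";

        using (var conn = new SqlConnection(Harden(stored)))
        {
            conn.Open(); // fails if the server certificate cannot be validated
            if (!SessionIsEncrypted(conn))
                throw new InvalidOperationException("Database session is not encrypted.");
            Console.WriteLine("Session to the database is encrypted.");
        }
    }
}
```

Setting these two options in code means a later edit to the stored string cannot silently downgrade the connection; the firewall rule between the two DMZs then only needs to allow the web server's address to reach the database host on the one chosen port.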