Encrypted Connection String and Security....Quick Question

R

Ranginald

Hi,

Assume I have an asp.net/sql server 2000 web app in a shared hosting
environment. I then encrypt the connection string using
ProtectSection("DataProtectionConfigurationProvider") in the page load
of my default.aspx page.

Am I understanding the following concepts then correctly?

1. I upload the site to the shared hosting server.
2. The first time I run the app eg. www.whatever.com/default.aspx,
the ProtectSection method above is executed.
3. Now the conn string area of my web.config is encrypted, and
asp.net will decrypt as needed.

4. If someone were to hack the server and view the web.config --
whether via getting into the server or via ftp, they would see an
encrypted connection string.


Thanks very much!
 
E

Eliyahu Goldin

Why don't you put the encrypted string straight into the web.config before
uploading?
 
R

Ranginald

Why don't you put the encrypted string straight into the web.config before
uploading?

--
Eliyahu Goldin,
Software Developer & Consultant
Microsoft MVP [ASP.NET]http://msmvps.com/blogs/egoldin


Hi,
Click to expand...
Assume I have an asp.net/sql server 2000 web app in a shared hosting
environment. I then encrypt the connection string using
ProtectSection("DataProtectionConfigurationProvider") in the page load
of my default.aspx page.
Click to expand...
Am I understanding the following concepts then correctly?
Click to expand...
1. I upload the site to the shared hosting server.
2. The first time I run the app eg.www.whatever.com/default.aspx,
the ProtectSection method above is executed.
3. Now the conn string area of my web.config is encrypted, and
asp.net will decrypt as needed.
Click to expand...
4. If someone were to hack the server and view the web.config --
whether via getting into the server or via ftp, they would see an
encrypted connection string.
Click to expand...
Thanks very much!
Click to expand...
Click to expand...

I would do that but then I'd have to, as far as I know, encrypt it on
the local machine and then export the key. I have no command prompt
access on the shared hosting server, and from all I've read (msdn.
forums, articles, etc) the above way looks to be the most straight
forward.

Are the steps that I outlined correct, though?

Thanks!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Encrypted and Decrypted Conn String Programatically 5
Connection String Server Name 2
encyption/decryption of connection string.. 1
ASP.NET 2.0 Encrypted Connection String 1
Web.config and Connection String Management 2
DBF connection string 9
Open Connection error 1
Connection String in .config file - Security Concerns 14

Members online

No members online now.
Total: 23 (members: 0, guests: 23)
Robots: 55

Forum statistics

Threads
473,770
Messages
2,569,588
Members
45,094
Latest member
PollyBlau4

Latest Threads

Top