Web.config Encryption

Discussion in 'ASP .Net' started by Guest, May 21, 2007.

  1. Guest

    Guest Guest

    Hi, I am an experienced .Net developer, but new to ASP.Net 2.0.

    I have been using the Personal Web Site Starter Kit and have successfully
    uploaded the site to a shared hosting provider. I am connecting to the SQL
    database via SQL authentication rather than Windows authentication, as I have
    no control over the Windows user accounts. This means the SQL user name and
    password are in clear text in the connection string in web.config.

    Therefore, best practice dictates that I encrypt the web.config file to hide
    the SQL login details. But the only way to encrypt a section of the config
    file is to run aspnet_regiis.exe on the server, to which I have no access.

    What are my options, if any, for protecting my config file? Does anyone know
    of any resources on how to create a custom encryption scheme?

    Regards,

    Jazza
     
    Guest, May 21, 2007
    #1
    1. Advertisements

  2. Guest

    bruce barker Guest

    bruce barker, May 21, 2007
    #2
    1. Advertisements

  3. Guest

    Guest Guest

    Bruce,

    I know about the built-in encryption options. My problem is that I can't use
    these on my ISP's web server, as I do not have access to the command-line to
    run the necessary commands to generate the encryption keys.

    I probably have to write a custom encryption mechanism, but how do I go
    about it?
     
    Guest, May 22, 2007
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.