Web.config Encryption


G

Guest

Hi, I am an experienced .Net developer, but new to ASP.Net 2.0.

I have been using the Personal Web Site Starter Kit and have successfully
uploaded the site to a shared hosting provider. I am connecting to the SQL
database via SQL authentication rather than Windows authentication, as I have
no control over the Windows user accounts. This means the SQL user name and
password are in clear text in the connection string in web.config.

Therefore, best practice dictates that I encrypt the web.config file to hide
the SQL login details. But the only way to encrypt a section of the config
file is to run aspnet_regiis.exe on the server, to which I have no access.

What are my options, if any, for protecting my config file? Does anyone know
of any resources on how to create a custom encryption scheme?

Regards,

Jazza
 
Ad

Advertisements

Ad

Advertisements

G

Guest

Bruce,

I know about the built-in encryption options. My problem is that I can't use
these on my ISP's web server, as I do not have access to the command-line to
run the necessary commands to generate the encryption keys.

I probably have to write a custom encryption mechanism, but how do I go
about it?
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top