K
Ken
hi
I want to encrypt the Connection String that is located in the Web.Config file
How Can I do it?
I want to encrypt the Connection String that is located in the Web.Config file
How Can I do it?
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
D
Dino Chiesa [Microsoft]
Ken,
If you encrypt the connection string, later you will only have to decrypt
it. Which means somewhere you will need to store the key, and you are no
more secure than when you started.
It is not the same as encrypting (or hashing) a password - for that you only
need to go one way. To verify the password later, you apply the same hash
to the candidate password, and compare the hash of the known good password
to the hash of the candidate password. If they match, then the user entered
the correct password.
But connection strings don't work the same way. You need the plaintext
connection string to connect to the database. You cannot use a one-way hash
of the connection string. So if you encrypt in in the store, you will need
to decrypt it later.
Don't despare! There are good options. For a discussion of them, please
see this text:
http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetlpMSDN.asp
....specifically , the chapter on data access security,
http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch12.asp
in short, the best recommendation is to use integrated security. But see
the doc for a full discussion.
-Dino
If you encrypt the connection string, later you will only have to decrypt
it. Which means somewhere you will need to store the key, and you are no
more secure than when you started.
It is not the same as encrypting (or hashing) a password - for that you only
need to go one way. To verify the password later, you apply the same hash
to the candidate password, and compare the hash of the known good password
to the hash of the candidate password. If they match, then the user entered
the correct password.
But connection strings don't work the same way. You need the plaintext
connection string to connect to the database. You cannot use a one-way hash
of the connection string. So if you encrypt in in the store, you will need
to decrypt it later.
Don't despare! There are good options. For a discussion of them, please
see this text:
http://msdn.microsoft.com/library/en-us/dnnetsec/html/secnetlpMSDN.asp
....specifically , the chapter on data access security,
http://msdn.microsoft.com/library/en-us/dnnetsec/html/SecNetch12.asp
in short, the best recommendation is to use integrated security. But see
the doc for a full discussion.
-Dino
Ask a Question
Want to reply to this thread or ask your own question?
You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.
Forum statistics
Latest Threads
-
Problem in using POST to retrive data from HTML
- Started by DMUK_Beginner
-
Recommend some AI code bug finder for code error
- Started by treekmostly22
-
How to Merge to div with each other as shadow effect?
- Started by treekmostly22
-
Syntax error
- Started by RGIANNETTI
-
SYNTAX ERROR
- Started by RGIANNETTI
-
Right or wrong
- Started by Tobi1987
-
Hello , Im Emilio
- Started by Mercury_Dev
-
Anyone want to balance my browser-based clicker game?
- Started by timo
-
DNS Disaster: The Server Downfall
- Started by Infinityhost
-
Web-Based RAM Management: Real-Time Server Control in Windows 10
- Started by Infinityhost