Encrypted Connection String and Security....Quick Question

R

Ranginald

Hi,

Assume I have an asp.net/sql server 2000 web app in a shared hosting
environment. I then encrypt the connection string using
ProtectSection("DataProtectionConfigurationProvider") in the page load
of my default.aspx page.

Am I understanding the following concepts then correctly?

1. I upload the site to the shared hosting server.
2. The first time I run the app eg. www.whatever.com/default.aspx,
the ProtectSection method above is executed.
3. Now the conn string area of my web.config is encrypted, and
asp.net will decrypt as needed.

4. If someone were to hack the server and view the web.config --
whether via getting into the server or via ftp, they would see an
encrypted connection string.


Thanks very much!
 
E

Eliyahu Goldin

Why don't you put the encrypted string straight into the web.config before
uploading?
 
R

Ranginald

Why don't you put the encrypted string straight into the web.config before
uploading?

--
Eliyahu Goldin,
Software Developer & Consultant
Microsoft MVP [ASP.NET]http://msmvps.com/blogs/egoldin


Assume I have an asp.net/sql server 2000 web app in a shared hosting
environment. I then encrypt the connection string using
ProtectSection("DataProtectionConfigurationProvider") in the page load
of my default.aspx page.
Am I understanding the following concepts then correctly?
1. I upload the site to the shared hosting server.
2. The first time I run the app eg.www.whatever.com/default.aspx,
the ProtectSection method above is executed.
3. Now the conn string area of my web.config is encrypted, and
asp.net will decrypt as needed.
4. If someone were to hack the server and view the web.config --
whether via getting into the server or via ftp, they would see an
encrypted connection string.
Thanks very much!

I would do that but then I'd have to, as far as I know, encrypt it on
the local machine and then export the key. I have no command prompt
access on the shared hosting server, and from all I've read (msdn.
forums, articles, etc) the above way looks to be the most straight
forward.

Are the steps that I outlined correct, though?

Thanks!
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

No members online now.

Forum statistics

Threads
473,995
Messages
2,570,226
Members
46,815
Latest member
treekmostly22

Latest Threads

Top