B
Be_Reasonable
As many other people I have to make a decision on how to store my
connectionString. I'd like to use the new Typed DataSets. And I can not
use integrated security with our Oracle database.
So what is a little programmer to do?
I have read the documentation on Protected Configuratioon available for
ASP.NET. But unlike other programming topics where we can do one thing
or the other, and if it works relatively well, the decision of "how to"
is just a matter of taste. When is comes to security issues there are
subtle differences on what solution we pick, that turn out to be the
most important.
Should I use Protected Configuration? or not? I did not get a good
feeling from reading the documentation; neither did I get a bad
feeling. If the objective just to encrypt the connectionString. I would
say it works. But I would like to read a discussion on how secure it
really is before I make my decision.
Does anybody know where I can find such a thing? Is there anybody in
this group willing to engage such a discussion, so people like me can
benefit, and hopefully make a more educated decision.
Here is another thread I found where sombody expressed similar
concerns.
http://groups.google.com/group/micr...ConfigurationProvider&rnum=2#3181e86c1087af44
Finally here is the MSDN reference for Encrypting Configuration
Information Using Protected Configuration:
http://msdn2.microsoft.com/en-us/53tyfkaw(VS.80).aspx
connectionString. I'd like to use the new Typed DataSets. And I can not
use integrated security with our Oracle database.
So what is a little programmer to do?
I have read the documentation on Protected Configuratioon available for
ASP.NET. But unlike other programming topics where we can do one thing
or the other, and if it works relatively well, the decision of "how to"
is just a matter of taste. When is comes to security issues there are
subtle differences on what solution we pick, that turn out to be the
most important.
Should I use Protected Configuration? or not? I did not get a good
feeling from reading the documentation; neither did I get a bad
feeling. If the objective just to encrypt the connectionString. I would
say it works. But I would like to read a discussion on how secure it
really is before I make my decision.
Does anybody know where I can find such a thing? Is there anybody in
this group willing to engage such a discussion, so people like me can
benefit, and hopefully make a more educated decision.
Here is another thread I found where sombody expressed similar
concerns.
http://groups.google.com/group/micr...ConfigurationProvider&rnum=2#3181e86c1087af44
Finally here is the MSDN reference for Encrypting Configuration
Information Using Protected Configuration:
http://msdn2.microsoft.com/en-us/53tyfkaw(VS.80).aspx