Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > Secure connection to database

Reply
Thread Tools

Secure connection to database

 
 
Fariba
Guest
Posts: n/a
 
      03-30-2006
Hello All,

I have an asp.net application hosting in IIS 6.0 which talks to a database
in another DMZ (with firwall installed in between). I know that I can enrypt
and decrypt my connection string into web server's registry instead of plain
text in web.config ,but I was just thinking that once the app want to talk
to database ,does it send the connection string in plain text agian OR I
have to take extra steps to secure that too? Could you please guide me to a
good article explaining this?

Thanks a lot


 
Reply With Quote
 
 
 
 
Bruce Barker
Guest
Posts: n/a
 
      03-30-2006
depends on the database and what is in the connection string. some databases
(say sqlserver) can be configured to connect over ssl, or can't. also is the
username/password in the connect string?

also when you open the firewall for IIS to talk to the database, you might
only allow point to point, and pick a custom port.

-- bruce (sqlwork.com)



"Fariba" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hello All,
>
> I have an asp.net application hosting in IIS 6.0 which talks to a database
> in another DMZ (with firwall installed in between). I know that I can
> enrypt
> and decrypt my connection string into web server's registry instead of
> plain
> text in web.config ,but I was just thinking that once the app want to talk
> to database ,does it send the connection string in plain text agian OR I
> have to take extra steps to secure that too? Could you please guide me to
> a
> good article explaining this?
>
> Thanks a lot
>
>



 
Reply With Quote
 
 
 
 
Fariba
Guest
Posts: n/a
 
      03-31-2006
Hi Bruce,

Database is sql server .Username and password is in connection string.
Could you please elaborate more on this:
> also when you open the firewall for IIS to talk to the database, you might
> only allow point to point, and pick a custom port.



Thanks a lot for your nice reply.

"Bruce Barker" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> depends on the database and what is in the connection string. some
> databases (say sqlserver) can be configured to connect over ssl, or can't.
> also is the username/password in the connect string?
>
> also when you open the firewall for IIS to talk to the database, you might
> only allow point to point, and pick a custom port.
>
> -- bruce (sqlwork.com)
>
>
>
> "Fariba" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hello All,
>>
>> I have an asp.net application hosting in IIS 6.0 which talks to a
>> database
>> in another DMZ (with firwall installed in between). I know that I can
>> enrypt
>> and decrypt my connection string into web server's registry instead of
>> plain
>> text in web.config ,but I was just thinking that once the app want to
>> talk
>> to database ,does it send the connection string in plain text agian OR I
>> have to take extra steps to secure that too? Could you please guide me to
>> a
>> good article explaining this?
>>
>> Thanks a lot
>>
>>

>
>



 
Reply With Quote
 
Joerg Jooss
Guest
Posts: n/a
 
      03-31-2006
Thus wrote Fariba,

> Hello All,
>
> I have an asp.net application hosting in IIS 6.0 which talks to a
> database in another DMZ (with firwall installed in between). I know
> that I can enrypt and decrypt my connection string into web server's
> registry instead of plain text in web.config ,but I was just thinking
> that once the app want to talk to database ,does it send the
> connection string in plain text agian OR I have to take extra steps to
> secure that too? Could you please guide me to a good article
> explaining this?


See http://msdn.microsoft.com/practices/...SecNetch12.asp

Cheers,
--
Joerg Jooss
http://www.velocityreviews.com/forums/(E-Mail Removed)


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Database Database Database Database scott93727@gmail.com Computer Information 0 09-27-2012 02:43 AM
DataBase DataBase DataBase DataBase scott93727@gmail.com Computer Information 0 09-26-2012 09:40 AM
Secure your digital information assets with Secure Auditor. SecureWindows with Secure Auditor alannis.albert@googlemail.com Cisco 0 04-14-2008 06:53 AM
Secure your digital information assets with Secure Auditor SecureWindows with Secure Auditor alannis.albert@googlemail.com Cisco 0 04-14-2008 06:52 AM



Advertisments