Encrypted Connection String

12-14-2003

How would I go about taking my DB connection strings and putting them into
my Web.Config file in encrypted form? Of course, I'd need to know how to
call and decrypt them from the various .aspx pages that need the info.

Thanks!

12-15-2003

Hi Scott,

Normmally, the client user can't access the web.config and we can consider
the connection string is safe without encryption. If you do want to encrypt
a string in web.config, you may take a look at classes in
System.Security.Cryptography Namespace:

http://msdn.microsoft.com/library/de...us/cpref/html/
frlrfSystemSecurityCryptography.asp

Luke
Microsoft Online Support

Get Secure! www.microsoft.com/security
(This posting is provided "AS IS", with no warranties, and confers no
rights.)

12-15-2003

Hi Luke. Thanks for your reply. The link you posted will be helpful. The
only comment I have is that "normally" the client user can't get the the
source code of the ASP.NET page either, but we don't consider putting
connection strings in them a safe thing to do so encryptioin AND using
web.config gives us a second and third line of defense.

"MSFT" <> wrote in message
news:...
> Hi Scott,
>
> Normmally, the client user can't access the web.config and we can
consider
> the connection string is safe without encryption. If you do want to
encrypt
> a string in web.config, you may take a look at classes in
> System.Security.Cryptography Namespace:
>
>
http://msdn.microsoft.com/library/de...us/cpref/html/
> frlrfSystemSecurityCryptography.asp
>
> Luke
> Microsoft Online Support
>
> Get Secure! www.microsoft.com/security
> (This posting is provided "AS IS", with no warranties, and confers no
> rights.)
>

12-15-2003

The November issue of MSDN magazine has an article on this
topic.
>-----Original Message-----
>Hi Luke. Thanks for your reply. The link you posted
will be helpful. The
>only comment I have is that "normally" the client user
can't get the the
>source code of the ASP.NET page either, but we don't
consider putting
>connection strings in them a safe thing to do so
encryptioin AND using
>web.config gives us a second and third line of defense.
>
>
>
>"MSFT" <> wrote in message
>news:...
>> Hi Scott,
>>
>> Normmally, the client user can't access the web.config
and we can
>consider
>> the connection string is safe without encryption. If
you do want to
>encrypt
>> a string in web.config, you may take a look at classes
in
>> System.Security.Cryptography Namespace:
>>
>>
>http://msdn.microsoft.com/library/default.asp?
url=/library/en-us/cpref/html/
>> frlrfSystemSecurityCryptography.asp
>>
>> Luke
>> Microsoft Online Support
>>
>> Get Secure! www.microsoft.com/security
>> (This posting is provided "AS IS", with no warranties,
and confers no
>> rights.)
>>
>
>
>.
>

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Encrypted Connection String and Security....Quick Question	Ranginald	ASP .Net	2	02-06-2007 12:19 AM
ASP.NET 2.0 Encrypted Connection String	JohnMSyrasoft	ASP .Net Security	1	04-12-2005 04:11 PM
Size of Entropy with Dpapi Encrypted Connection String	Phil C.	ASP .Net Security	8	03-17-2005 07:01 AM
Loose encrypted connection after re-boot	joekohn@att.net	Wireless Networking	0	12-26-2004 03:51 AM
Using encrypted dB connection string	Alek Davis	ASP .Net	12	06-03-2004 06:20 PM