«

Hi,

I need to store the database connection string inside web.config file. What
would be the best way to encrypt and decrypt it?

Thanks,
Ali

The Configuration Management Application Block has nice built in support for
this as well as some other useful features. You might give that a swing.

http://msdn.microsoft.com/library/de...asp?frame=true

Joe K.

"A.M" <> wrote in message
news:%...
> Hi,
>
> I need to store the database connection string inside web.config file.
What
> would be the best way to encrypt and decrypt it?
>
> Thanks,
> Ali
>
>

Ali,

Check this tool: http://www.obviex.com/cipherlite/. It is not very secure,
though (but neither is Configuration Management Application Block, since -
if I understand it correctly - it requires the encryption key to be stored
in plain text on the same system). Anyway, either option is still better
than keeping data unencrypted.

Alek

"A.M" <> wrote in message
news:%...
> Hi,
>
> I need to store the database connection string inside web.config file.
What
> would be the best way to encrypt and decrypt it?
>
> Thanks,
> Ali
>
>

Actually, the CMAB have a built-in security provider (DPAPIDataProtection
implementation) that no needs any key management to protect sensitive data.

http://msdn.microsoft.com/library/de.../html/cmab.asp




--
Hernan de Lahitte - MSDE
Lagash Systems S.A. - Buenos Aires, Argentina
http://www.lagash.com



"Alek Davis" <alek_xDOTx_davis_xATx_intel_xDOTx_com> wrote in message
news:#...
> Ali,
>
> Check this tool: http://www.obviex.com/cipherlite/. It is not very secure,
> though (but neither is Configuration Management Application Block, since -
> if I understand it correctly - it requires the encryption key to be stored
> in plain text on the same system). Anyway, either option is still better
> than keeping data unencrypted.
>
> Alek
>
> "A.M" <> wrote in message
> news:%...
> > Hi,
> >
> > I need to store the database connection string inside web.config file.
> What
> > would be the best way to encrypt and decrypt it?
> >
> > Thanks,
> > Ali
> >
> >
>
>

Yes, but DPAPI has quite a few limitations. For example, in the plain form,
it cannot be used by ASP.NET (or any other Web) applications, and the
question was about Web.config, so DPAPI is not going to help here.

Alek

"Hernan de Lahitte" <> wrote in message
news:...
> Actually, the CMAB have a built-in security provider (DPAPIDataProtection
> implementation) that no needs any key management to protect sensitive
data.
>
>
http://msdn.microsoft.com/library/de.../html/cmab.asp
>
>
>
>
> --
> Hernan de Lahitte - MSDE
> Lagash Systems S.A. - Buenos Aires, Argentina
> http://www.lagash.com
>
>
>
> "Alek Davis" <alek_xDOTx_davis_xATx_intel_xDOTx_com> wrote in message
> news:#...
> > Ali,
> >
> > Check this tool: http://www.obviex.com/cipherlite/. It is not very
secure,
> > though (but neither is Configuration Management Application Block,
since -
> > if I understand it correctly - it requires the encryption key to be
stored
> > in plain text on the same system). Anyway, either option is still better
> > than keeping data unencrypted.
> >
> > Alek
> >
> > "A.M" <> wrote in message
> > news:%...
> > > Hi,
> > >
> > > I need to store the database connection string inside web.config file.
> > What
> > > would be the best way to encrypt and decrypt it?
> > >
> > > Thanks,
> > > Ali
> > >
> > >
> >
> >
>
>