|
|
|
|
|
|||||||
 |
ASP Net - Encrypting/Decrypting Connection String |
|
|
Thread Tools | Search this Thread |
11-29-2004, 06:23 PM
|
#1 |
Encrypting/Decrypting Connection String
I have my SQL Server connectionstring in my web.config file. I'm scared
that someone will open the file and get my username/password. How do I encrypt, then decrypt the connection string in the web.config file? VB Programmer |
|
|
|
11-29-2004, 07:05 PM
|
#2 |
|
Posts: n/a
|
RE: Encrypting/Decrypting Connection String
User the DP API provided by Microsoft or use the .net crypto api which is
included in the .net framework. Essentally, you will have to write a app that would encrypt this connection string, then copy and paste it in your web.config. Then you will have to implement a funciton in your code to decrypt the string. "VB Programmer" wrote: > I have my SQL Server connectionstring in my web.config file. I'm scared > that someone will open the file and get my username/password. How do I > encrypt, then decrypt the connection string in the web.config file? > > > |
|
|
|
11-29-2004, 08:15 PM
|
#3 |
|
Posts: n/a
|
Re: Encrypting/Decrypting Connection String
One of the best techniques is to use a trusted connection. That way you
don't need to list a username or password so there is nothing to hide. If this is not possible, you can alternately store the username and password encrypted in the registry. Here's more information: http://msdn.microsoft.com/library/de...itysection.asp -- I hope this helps, Steve C. Orr, MCSD, MVP http://Steve.Orr.net "VB Programmer" <Dont*NoSpam-Please*@jEmail.com> wrote in message news:... >I have my SQL Server connectionstring in my web.config file. I'm scared >that someone will open the file and get my username/password. How do I >encrypt, then decrypt the connection string in the web.config file? > |
|
|
|
11-30-2004, 05:08 AM
|
#4 |
|
Posts: n/a
|
Re: Encrypting/Decrypting Connection String
In addition to Steve's reply you might also find the following valuable -
(How To Store an Encrypted Connection String in the Registry) http://msdn.microsoft.com/library/en...asp?frame=true Might I add - there are mixed opinions about web apps accessing registry - some guys think it's cool, some think it's not. My personal view is - as far as security goes - that can be worked around in an acceptable manner - the one issue the above mentioned link doesn't address is - registry is SLOWWWWWWWW as a world war 2 tank !!!. (Like a WW2 tank .. it took a lot of cra~p). But then that can be worked around - it's easy - cache the connectionstring; and setup a dependency similiar to FileDependecy or SqlDependency; and bingo you just avoided the last argument against registry - performance. - Sahil Malik http://dotnetjunkies.com/weblog/sahilmalik "Steve C. Orr [MVP, MCSD]" <> wrote in message news:... > One of the best techniques is to use a trusted connection. That way you > don't need > to list a username or password so there is nothing to hide. > If this is not possible, you can alternately store the username and > password encrypted > in the registry. > Here's more information: > http://msdn.microsoft.com/library/de...itysection.asp > > -- > I hope this helps, > Steve C. Orr, MCSD, MVP > http://Steve.Orr.net > > > > "VB Programmer" <Dont*NoSpam-Please*@jEmail.com> wrote in message > news:... >>I have my SQL Server connectionstring in my web.config file. I'm scared >>that someone will open the file and get my username/password. How do I >>encrypt, then decrypt the connection string in the web.config file? >> > > |
|
|
