Hello All,
I have an asp.net application hosting in IIS 6.0 which talks to a database
in another DMZ (with firwall installed in between). I know that I can enrypt
and decrypt my connection string into web server's registry instead of plain
text in web.config ,but I was just thinking that once the app want to talk
to database ,does it send the connection string in plain text agian OR I
have to take extra steps to secure that too? Could you please guide me to a
good article explaining this?
Thanks a lot
3  1414 
depends on the database and what is in the connection string. some databases
(say sqlserver) can be configured to connect over ssl, or can't. also is the
username/password in the connect string?
also when you open the firewall for IIS to talk to the database, you might
only allow point to point, and pick a custom port.
-- bruce (sqlwork.com)
"Fariba" <fa****@yahoo.com> wrote in message
news:ug**************@TK2MSFTNGP10.phx.gbl... Hello All,
I have an asp.net application hosting in IIS 6.0 which talks to a database
in another DMZ (with firwall installed in between). I know that I can
enrypt
and decrypt my connection string into web server's registry instead of
plain
text in web.config ,but I was just thinking that once the app want to talk
to database ,does it send the connection string in plain text agian OR I
have to take extra steps to secure that too? Could you please guide me to
a
good article explaining this?
Thanks a lot
Hi Bruce,
Database is sql server .Username and password is in connection string.
Could you please elaborate more on this: also when you open the firewall for IIS to talk to the database, you might
only allow point to point, and pick a custom port.
Thanks a lot for your nice reply.
"Bruce Barker" <br******************@safeco.com> wrote in message
news:Or**************@tk2msftngp13.phx.gbl... depends on the database and what is in the connection string. some
databases (say sqlserver) can be configured to connect over ssl, or can't.
also is the username/password in the connect string?
also when you open the firewall for IIS to talk to the database, you might
only allow point to point, and pick a custom port.
-- bruce (sqlwork.com)
"Fariba" <fa****@yahoo.com> wrote in message
news:ug**************@TK2MSFTNGP10.phx.gbl... Hello All,
I have an asp.net application hosting in IIS 6.0 which talks to a
database
in another DMZ (with firwall installed in between). I know that I can
enrypt
and decrypt my connection string into web server's registry instead of
plain
text in web.config ,but I was just thinking that once the app want to
talk
to database ,does it send the connection string in plain text agian OR I
have to take extra steps to secure that too? Could you please guide me to
a
good article explaining this?
Thanks a lot
Thus wrote Fariba, Hello All,
I have an asp.net application hosting in IIS 6.0 which talks to a
database in another DMZ (with firwall installed in between). I know
that I can enrypt and decrypt my connection string into web server's
registry instead of plain text in web.config ,but I was just thinking
that once the app want to talk to database ,does it send the
connection string in plain text agian OR I have to take extra steps to
secure that too? Could you please guide me to a good article
explaining this?
See http://msdn.microsoft.com/practices/...SecNetch12.asp
Cheers,
--
Joerg Jooss ne********@joergjooss.de This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Sarah Tanembaum |
last post by:
I was wondering if it is possible to create a secure database system
using RDBMS(MySQL, Oracle, SQL*Server, PostgreSQL etc) and web
scripting/programming language(Perl, PHP, Ruby, Java, ASP, etc)...
|
by: Dayne |
last post by:
Guys,
I am writing a database application(vb.net , sql server) and is presently
storing the connection settings in a xml file...not very secure though. What
is a safer method in a dynamic...
|
by: peter |
last post by:
I have taken over the website duties at work. I am still learning PHP
and MySQL. I want to have a form where the user enters some finacial
info and it is stored in a database. It, obviously,...
|
by: Lyle Fairfield |
last post by:
I was just showing a youngster some MS-SQL stuff on a remote Internet
enabled shared server. He logged in with my User Name and Password. I
was busy for a minute. Then he said, "This (stored...
|
by: jensendarren |
last post by:
I just made a .NET Windows Application which uses MS Access as a
backend. Is there a way to deploy the mdb file so that it does not
appear as an Access db to the end user and still be accessable to...
|
by: Seth |
last post by:
I have noticed that the id of my session object changes
when I switch from a non-secure to a secure connection.
What I'm trying to do:
I have a cookie that is built on the non-secure side of...
|
by: COHENMARVIN |
last post by:
I have a sql server database hosted by an ISP. It has credit card
fields. I want to make the database secure.
My asp.net pages refer to the database as follows:
strConnection =...
|
by: devonknows |
last post by:
Hi can any one please help me with creating a secure database with ADO or ADOX if possible, ive got this code already but its not accessible through VisData so i cant easily modify it at all.
...
|
by: =?Utf-8?B?TWljaGVsQFZvb3JidXJn?= |
last post by:
Hi all,
i've built a C# dll / component with some wonderful services to the clients
Payroll service.
As you might guess, i only want MY pogram to use this DLL.
If some developer get's hold of a...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: jinu1996 |
last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
|
by: Hystou |
last post by:
Overview:
Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
|
by: isladogs |
last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM).
In this session, we are pleased to welcome a new...
| |
