473,378 Members | 1,377 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > encrypted connection string and security....quick question

Join Bytes to post your question to a community of 473,378 software developers and data experts.

Encrypted Connection String and Security....Quick Question

Hi,

Assume I have an asp.net/sql server 2000 web app in a shared hosting
environment. I then encrypt the connection string using
ProtectSection("DataProtectionConfigurationProvide r") in the page load
of my default.aspx page.

Am I understanding the following concepts then correctly?

1. I upload the site to the shared hosting server.
2. The first time I run the app eg. www.whatever.com/default.aspx,
the ProtectSection method above is executed.
3. Now the conn string area of my web.config is encrypted, and
asp.net will decrypt as needed.

4. If someone were to hack the server and view the web.config --
whether via getting into the server or via ftp, they would see an
encrypted connection string.
Thanks very much!

Feb 5 '07 #1
2 2083
Why don't you put the encrypted string straight into the web.config before
uploading?

--
Eliyahu Goldin,
Software Developer & Consultant
Microsoft MVP [ASP.NET]
http://msmvps.com/blogs/egoldin
"Ranginald" <da*******@gmail.comwrote in message
news:11**********************@v33g2000cwv.googlegr oups.com...
Hi,

Assume I have an asp.net/sql server 2000 web app in a shared hosting
environment. I then encrypt the connection string using
ProtectSection("DataProtectionConfigurationProvide r") in the page load
of my default.aspx page.

Am I understanding the following concepts then correctly?

1. I upload the site to the shared hosting server.
2. The first time I run the app eg. www.whatever.com/default.aspx,
the ProtectSection method above is executed.
3. Now the conn string area of my web.config is encrypted, and
asp.net will decrypt as needed.

4. If someone were to hack the server and view the web.config --
whether via getting into the server or via ftp, they would see an
encrypted connection string.
Thanks very much!

Feb 5 '07 #2
On Feb 5, 2:18 am, "Eliyahu Goldin"
<REMOVEALLCAPITALSeEgGoldD...@mMvVpPsS.orgwrote:
Why don't you put the encrypted string straight into the web.config before
uploading?

--
Eliyahu Goldin,
Software Developer & Consultant
Microsoft MVP [ASP.NET]http://msmvps.com/blogs/egoldin

"Ranginald" <davidw...@gmail.comwrote in message

news:11**********************@v33g2000cwv.googlegr oups.com...
Hi,
Assume I have an asp.net/sql server 2000 web app in a shared hosting
environment. I then encrypt the connection string using
ProtectSection("DataProtectionConfigurationProvide r") in the page load
of my default.aspx page.
Am I understanding the following concepts then correctly?
1. I upload the site to the shared hosting server.
2. The first time I run the app eg.www.whatever.com/default.aspx,
the ProtectSection method above is executed.
3. Now the conn string area of my web.config is encrypted, and
asp.net will decrypt as needed.
4. If someone were to hack the server and view the web.config --
whether via getting into the server or via ftp, they would see an
encrypted connection string.
Thanks very much!
I would do that but then I'd have to, as far as I know, encrypt it on
the local machine and then export the key. I have no command prompt
access on the shared hosting server, and from all I've read (msdn.
forums, articles, etc) the above way looks to be the most straight
forward.

Are the steps that I outlined correct, though?

Thanks!

Feb 6 '07 #3
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

8
Encrypted File Transfer
by: Philipp Brune | last post by:
Hi all, the following problem occured to me and I hope somebody can help me : I need to implement an encrypted File download with a PHP script on the server side and a c# client application....
PHP
10
searching for encrypted fields in data columns
by: sffan | last post by:
I am new to database programming and was curious how others solve the problem of storing encrypted in data in db table columns and then subsequently searching for these records. The particular...
Microsoft SQL Server
12
Encrypted Connection String
by: Dave Bailey | last post by:
I need to store an encrypted connection string in the web.config file. I have found several examples on the Net but nothing specific as to how to accomplish task. Thanks in advance, Dave
C# / C Sharp
4
Problem with Connection based Transaction in SQL Helper class
by: Rahul Anand | last post by:
Getting SQL Exception when trying to implement Connection based Trasaction using SQL Helper class. I am using the follwing function to execute my stored procs: -=-=-=- ExecuteScalar(ByVal...
C# / C Sharp
3
Sharing encrypted data with .Net?
by: Todd Gruben | last post by:
I am trying to send some encrypted data from a php application to be decoded in a .Net application. Both apps encode/decode a given string but generate different encrypted results. Anyone have...
C# / C Sharp
12
Using encrypted dB connection string
by: Charlie | last post by:
Hi: My host will not allow me use a trusted connection or make registry setting, so I'm stuck trying find a way to hide connection string which will be stored in web.config file. If I encrypt...
ASP.NET
5
Encrypted and Decrypted Conn String Programatically
by: Ranginald | last post by:
Hi, I have a question about encrypting connection strings in an asp.net 2.0 app in a shared hosting environment. From what I have read, I believe I need to programatically encrypt and decrypt...
ASP.NET
1
Change Connection String during runtime
by: Sankalp | last post by:
Hi, I am using VB 2005. My application has many data bound controls. The connection is stored in the app.config file. I want the application to start with a default connection string and while...
Visual Basic .NET
5
Saving Encrypted Data to a Configuration File in C#
by: akshaycjoshi | last post by:
Ok ! I am reading the book Pro ADO.net. The author says that the <exename>.config files can store the connection string for security purposes. Later he says that still the connection string...
.NET Framework
1
Cloud Servers without Credit Card and Email Registration: A Simpler Way to Get on the Cloud
by: CloudSolutions | last post by:
Introduction: For many beginners and individual users, requiring a credit card and email registration may pose a barrier when starting to use cloud servers. However, some cloud server providers now...
General
0
isladogs
Access Europe: Command bars, the Access Shortcut Tool and a simple Audit Log - Wed 3 April
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 3 Apr 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome former...
General
0
One-click Importing Excel Data into a*Database
by: ryjfgjl | last post by:
In our work, we often need to import Excel data into databases (such as MySQL, SQL Server, Oracle) for data analysis and processing. Usually, we use database tools like Navicat or the Excel import...
Microsoft Excel
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Merging data from multiple Excel files
by: ryjfgjl | last post by:
In our work, we often receive Excel tables with data in the same format. If we want to analyze these data, it can be difficult to analyze them because the data is spread across multiple Excel files...
Data Management
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!