Hi, I am an experienced .Net developer, but new to ASP.Net 2.0.
I have been using the Personal Web Site Starter Kit and have successfully
uploaded the site to a shared hosting provider. I am connecting to the SQL
database via SQL authentication rather than Windows authentication, as I have
no control over the Windows user accounts. This means the SQL user name and
password are in clear text in the connection string in web.config.
Therefore, best practice dictates that I encrypt the web.config file to hide
the SQL login details. But the only way to encrypt a section of the config
file is to run aspnet_regiis.exe on the server, to which I have no access.
What are my options, if any, for protecting my config file? Does anyone know
of any resources on how to create a custom encryption scheme?
Regards,
Jazza
2  5099 
this feature is builtin (since 1.1). http://msdn2.microsoft.com/en-us/library/ms998280.aspx
-- bruce (sqlwork.com)
Jazza wrote:
Hi, I am an experienced .Net developer, but new to ASP.Net 2.0.
I have been using the Personal Web Site Starter Kit and have successfully
uploaded the site to a shared hosting provider. I am connecting to the SQL
database via SQL authentication rather than Windows authentication, as I have
no control over the Windows user accounts. This means the SQL user name and
password are in clear text in the connection string in web.config.
Therefore, best practice dictates that I encrypt the web.config file to hide
the SQL login details. But the only way to encrypt a section of the config
file is to run aspnet_regiis.exe on the server, to which I have no access.
What are my options, if any, for protecting my config file? Does anyone know
of any resources on how to create a custom encryption scheme?
Regards,
Jazza
Bruce,
I know about the built-in encryption options. My problem is that I can't use
these on my ISP's web server, as I do not have access to the command-line to
run the necessary commands to generate the encryption keys.
I probably have to write a custom encryption mechanism, but how do I go
about it?
"bruce barker" wrote:
this feature is builtin (since 1.1).
http://msdn2.microsoft.com/en-us/library/ms998280.aspx
-- bruce (sqlwork.com)
Jazza wrote:
Hi, I am an experienced .Net developer, but new to ASP.Net 2.0.
I have been using the Personal Web Site Starter Kit and have successfully
uploaded the site to a shared hosting provider. I am connecting to the SQL
database via SQL authentication rather than Windows authentication, as I have
no control over the Windows user accounts. This means the SQL user name and
password are in clear text in the connection string in web.config.
Therefore, best practice dictates that I encrypt the web.config file to hide
the SQL login details. But the only way to encrypt a section of the config
file is to run aspnet_regiis.exe on the server, to which I have no access.
What are my options, if any, for protecting my config file? Does anyone know
of any resources on how to create a custom encryption scheme?
Regards,
Jazza
This thread has been closed and replies have been disabled. Please start a new discussion. Similar topics
by: Staffing |
last post by:
Is there a better way to store data base passwords in web.config file rather
then having them on clear
Jay
|
by: John Buchmann |
last post by:
In my web.config, I have a section that has a name and
password:
<credentials passwordFormat="Clear">
<user name="aaa" password="bbb" />
</credentials>
Is this secure? What is to stop...
|
by: Chris Dunaway |
last post by:
I have a web service that references a data class library which performs
SQL Server access. Since the web service is also a class library, there is
no App.Config, only Web.config. Is Web.Config...
|
by: WebMatrix |
last post by:
Hello,
I have developed a web application that connects to 2 different database
servers. The connection strings with db username + password are stored in
web.config file.
After a code review,...
|
by: Jim Andersen |
last post by:
Hi,
I would appreciate if someone could explain this behaviour, and maybe offer
a better solution.
I have been working with the GridView control. And SqlDataSource. It works
great if I do:...
|
by: Ryan |
last post by:
I've created a custom configuration section that inherits (naturally) from
System.Configuration.ConfigurationSection. The configuration section is
working 99% fine, however I keep coming across a...
|
by: Saqib Ali |
last post by:
I have some security concerns over storing a Active Directory username/
passwd in a text based web.config file for the identity impersonation
definition.
I know that web.conf is not accessible...
|
by: Tom Baxter |
last post by:
Hi everyone,
I have a small block of code that encrypts a database connection string in a
..config file, but I'm not sure where the encryption key comes from. There is
no problem with this code...
|
by: Max2006 |
last post by:
Hi,
In our production environment, we would like to protect our database
connection string against system administrators (they are admin on the web
server box)
I went through this article that...
|
by: Charles Arthur |
last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
|
by: ryjfgjl |
last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
|
by: emmanuelkatto |
last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud.
Please let me know.
Thanks!
Emmanuel
|
by: BarryA |
last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
|
by: Sonnysonu |
last post by:
This is the data of csv file
1 2 3
1 2 3
1 2 3
1 2 3
2 3
2 3
3
the lengths should be different i have to store the data by column-wise with in the specific length.
suppose the i have to...
|
by: Hystou |
last post by:
There are some requirements for setting up RAID:
1. The motherboard and BIOS support RAID configuration.
2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
|
by: marktang |
last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
|
by: Oralloy |
last post by:
Hello folks,
I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>".
The problem is that using the GNU compilers,...
|
by: tracyyun |
last post by:
Dear forum friends,
With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each...
| |
