Solved

Passwords in web.config

Posted on 2006-06-26
3
976 Views
Last Modified: 2006-11-18
I have been able to run though this example and get it working: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnpag2/html/paght000006.asp

However, what parts should i keep and delete in the web.config?  Also, how does the code change when accessing it?

Currently all i am trying to encrypt is

      <smtp deliveryMethod="Network" from="this@that.com" >
        <network defaultCredentials="false" host="there.this.that" userName="them" password="dunno"  />
      </smtp>

Later when i put in a database i will need to do that connection string aswell.  Currently I only need the <network.. to be encrypted.  I have tried this example and it seems to put the new encrypted text in connection strings.  Do i leave them in there or do i move it to smpt?  Also, is there anywhere in the web.config that let's the program know what parts the encryption is for and what type of encryption it is using?

Thanks, this is kind of baffling me, but it seems like a 'do it once' and u'll know it forever type of thing.


0
Comment
Question by:UnexplainedWays
  • 2
3 Comments
 
LVL 5

Accepted Solution

by:
GENTP earned 500 total points
ID: 16987733
I used this tutorial to understand the concepts, then simply encoded the connection string in the web.config as an appsettings key. I also encrypt the passwords in the DB, but that isn't really related to your question.

http://aspnet.4guysfromrolla.com/articles/082703-1.aspx

I think that by doing it right in the web.config, then going to a db, you aren't really saving yourself any time. I'd recommend just diving straight into doing it on the DB.

G
0
 
LVL 12

Author Comment

by:UnexplainedWays
ID: 16989597
"I'd recommend just diving straight into doing it on the DB."

The smtp network will always be in the web.config, the connection string to the database will be added later to the config file.
0
 
LVL 12

Author Comment

by:UnexplainedWays
ID: 16989611
I just had a look at your link, and that's more for people logging in to you website and what they are allowed to do, the xml i provided is used to send emails via smtp.  When you create a new smpt() it goes into your web.config and pulls out this information, so it's easy to tweak in there.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
FTP File permissions 1 45
drop down navigation on mobile devices adds spaces 3 77
Do we need servers??? 5 190
compact pure CSS Read More Toggle 4 24
Read about why website design really matters in today's demanding market.
Password hashing is better than message digests or encryption, and you should be using it instead of message digests or encryption.  Find out why and how in this article, which supplements the original article on PHP Client Registration, Login, Logo…
This tutorial demonstrates how to identify and create boundary or building outlines in Google Maps. In this example, I outline the boundaries of an enclosed skatepark within a community park.  Login to your Google Account, then  Google for "Google M…
The viewer will learn how to dynamically set the form action using jQuery.

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now