Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

Is it nessasery to encrypt connection strings ASP.net

Posted on 2012-03-23
5
Medium Priority
?
472 Views
Last Modified: 2012-03-23
Hi I am new to asp.net and have now built my first site.
I just want to check if I should encrypt the connection strings. I looked into this when I first started but could not get it working (cannot remember why now). I noticed that i can not view the web.config file so thought no one else would.

But I just wanted to know if it is possible for other to see it and if so blockit or encrypt it.
0
Comment
Question by:taz8020
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 53

Assisted Solution

by:Dhaest
Dhaest earned 400 total points
ID: 37756636
Encrypting Configuration Information in ASP.NET 2.0 Applications

http://www.4guysfromrolla.com/articles/021506-1.aspx
0
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 37756639
It's possible for whoever has authorization for the folder where you web.config resides to view the file. Typically, this would only be admins for the machine in question. Ask yourself who will have direct access to the machine and its filesystem, and also what could happen if someone gain unauthorized access to your machine and its filesystem. That might help you decide whether or not to encrypt the web.config.
0
 
LVL 53

Assisted Solution

by:Dhaest
Dhaest earned 400 total points
ID: 37756646
How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI
http://msdn.microsoft.com/en-us/library/ff647398.aspx

Protecting Connection Information (ADO.NET)
http://msdn.microsoft.com/en-us/library/89211k9b.aspx
0
 
LVL 3

Author Comment

by:taz8020
ID: 37756855
Hi Thanks the web.config is in the root directory, which is where the default.aspx file is. If i try and view the file through a web browser I can not see it. I get an error saying
"The requested filtering module is configured to deny a path to the URL"

As I am the only person with access to the server and the only admin is it that important. As long as no one on the www can see it and change the database I dont see it being a problem?
0
 
LVL 75

Accepted Solution

by:
käµfm³d   👽 earned 1600 total points
ID: 37756909
That is correct. By default, and as a security measure, web.config files are not served. You should not copy them to the website directory, but your code-behind files also would not be served if you deploy them to the web server. There are a couple of other files which are not served (I believe global.asax is one), but I cannot remember all of them. I'm sure they'd come up on a quick internet search.
0

Featured Post

Free Backup Tool for VMware and Hyper-V

Restore full virtual machine or individual guest files from 19 common file systems directly from the backup file. Schedule VM backups with PowerShell scripts. Set desired time, lean back and let the script to notify you via email upon completion.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IntroductionWhile developing web applications, a single page might contain many regions and each region might contain many number of controls with the capability to perform  postback. Many times you might need to perform some action on an ASP.NET po…
More often than not, we developers are confronted with a need: a need to make some kind of magic happen via code. Whether it is for a client, for the boss, or for our own personal projects, the need must be satisfied. Most of the time, the Framework…
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
In response to a need for security and privacy, and to continue fostering an environment members can turn to for support, solutions, and education, Experts Exchange has created anonymous question capabilities. This new feature is available to our Pr…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question