Solved

Is it nessasery to encrypt connection strings ASP.net

Posted on 2012-03-23
5
467 Views
Last Modified: 2012-03-23
Hi I am new to asp.net and have now built my first site.
I just want to check if I should encrypt the connection strings. I looked into this when I first started but could not get it working (cannot remember why now). I noticed that i can not view the web.config file so thought no one else would.

But I just wanted to know if it is possible for other to see it and if so blockit or encrypt it.
0
Comment
Question by:taz8020
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 53

Assisted Solution

by:Dhaest
Dhaest earned 100 total points
ID: 37756636
Encrypting Configuration Information in ASP.NET 2.0 Applications

http://www.4guysfromrolla.com/articles/021506-1.aspx
0
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 37756639
It's possible for whoever has authorization for the folder where you web.config resides to view the file. Typically, this would only be admins for the machine in question. Ask yourself who will have direct access to the machine and its filesystem, and also what could happen if someone gain unauthorized access to your machine and its filesystem. That might help you decide whether or not to encrypt the web.config.
0
 
LVL 53

Assisted Solution

by:Dhaest
Dhaest earned 100 total points
ID: 37756646
How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI
http://msdn.microsoft.com/en-us/library/ff647398.aspx

Protecting Connection Information (ADO.NET)
http://msdn.microsoft.com/en-us/library/89211k9b.aspx
0
 
LVL 3

Author Comment

by:taz8020
ID: 37756855
Hi Thanks the web.config is in the root directory, which is where the default.aspx file is. If i try and view the file through a web browser I can not see it. I get an error saying
"The requested filtering module is configured to deny a path to the URL"

As I am the only person with access to the server and the only admin is it that important. As long as no one on the www can see it and change the database I dont see it being a problem?
0
 
LVL 75

Accepted Solution

by:
käµfm³d   👽 earned 400 total points
ID: 37756909
That is correct. By default, and as a security measure, web.config files are not served. You should not copy them to the website directory, but your code-behind files also would not be served if you deploy them to the web server. There are a couple of other files which are not served (I believe global.asax is one), but I cannot remember all of them. I'm sure they'd come up on a quick internet search.
0

Featured Post

Revamp Your Training Process

Drastically shorten your training time with WalkMe's advanced online training solution that Guides your trainees to action.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The ECB site provides FX rates for major currencies since its inception in 1999 in the form of an XML feed. The files have the following format (reducted for brevity) (CODE) There are three files available HERE (http://www.ecb.europa.eu/stats/exch…
A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
Come and listen to Percona CEO Peter Zaitsev discuss what’s new in Percona open source software, including Percona Server for MySQL (https://www.percona.com/software/mysql-database/percona-server) and MongoDB (https://www.percona.com/software/mongo-…
This is a high-level webinar that covers the history of enterprise open source database use. It addresses both the advantages companies see in using open source database technologies, as well as the fears and reservations they might have. In this…

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question