Solved

Is it necessary to encrypt connection strings ASP.net

Posted on 2012-03-23
461 Views
Last Modified: 2012-03-23
Hi, I am new to asp.net and have now built my first site.
I just want to check if I should encrypt the connection strings. I looked into this when I first started but could not get it working (cannot remember why now). I noticed that I cannot view the web.config file so thought no one else would.

But I just wanted to know if it is possible for others to see it and, if so, block it or encrypt it.
0
Question by:taz8020
5 Comments
 
LVL 53

Assisted Solution

by:Dhaest
Dhaest earned 100 total points
ID: 37756636
Encrypting Configuration Information in ASP.NET 2.0 Applications

http://www.4guysfromrolla.com/articles/021506-1.aspx
0
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 37756639
It's possible for whoever has authorization for the folder where your web.config resides to view the file. Typically, this would only be admins for the machine in question. Ask yourself who will have direct access to the machine and its filesystem, and also what could happen if someone gains unauthorized access to your machine and its filesystem. That might help you decide whether or not to encrypt the web.config.
0
 
LVL 53

Assisted Solution

by:Dhaest
Dhaest earned 100 total points
ID: 37756646
How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI
http://msdn.microsoft.com/en-us/library/ff647398.aspx

Protecting Connection Information (ADO.NET)
http://msdn.microsoft.com/en-us/library/89211k9b.aspx
0
 
LVL 3

Author Comment

by:taz8020
ID: 37756855
Hi, thanks. The web.config is in the root directory, which is where the default.aspx file is. If I try and view the file through a web browser I cannot see it. I get an error saying
"The requested filtering module is configured to deny a path to the URL"

As I am the only person with access to the server and the only admin, is it that important? As long as no one on the www can see it and change the database, I don't see it being a problem?
0
 
LVL 75

Accepted Solution

by:käµfm³d 👽
käµfm³d 👽 earned 400 total points
ID: 37756909
That is correct. By default, and as a security measure, web.config files are not served. You should not copy them to the website directory, but your code-behind files also would not be served if you deploy them to the web server. There are a couple of other files which are not served (I believe global.asax is one), but I cannot remember all of them. I'm sure they'd come up on a quick internet search.
0
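
Added example, not part of the thread or of the linked articles: one way to encrypt the connectionStrings section of web.config with the DPAPI provider named in the "How To" title linked above, using the .NET configuration API. The virtual path "/MySite" and the class name are placeholders chosen for illustration.

```csharp
using System;
using System.Configuration;
using System.Web.Configuration;   // requires a reference to System.Web.dll

public static class ConnectionStringProtector   // hypothetical helper name
{
    // Built-in protected-configuration provider backed by Windows DPAPI.
    private const string DpapiProvider = "DataProtectionConfigurationProvider";

    // Encrypts <connectionStrings> in the web.config of the given virtual path.
    // Returns false if the section was already encrypted.
    public static bool Protect(string appPath)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(appPath);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section == null)
            throw new InvalidOperationException("No connectionStrings section found.");

        SectionInformation info = section.SectionInformation;
        if (info.IsProtected) return false;
        if (info.IsLocked)
            throw new InvalidOperationException("Section is locked by a parent config.");

        info.ProtectSection(DpapiProvider);
        info.ForceSave = true;                       // write even if values are unchanged
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    // Reverses Protect, e.g. before moving the file to another server.
    public static bool Unprotect(string appPath)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(appPath);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section == null || !section.SectionInformation.IsProtected) return false;

        section.SectionInformation.UnprotectSection();
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    public static void Main(string[] args)
    {
        string appPath = args.Length > 0 ? args[0] : "/MySite";   // placeholder path
        Console.WriteLine(Protect(appPath) ? "Section encrypted." : "Already encrypted.");
    }
}
```

Code that reads ConfigurationManager.ConnectionStrings needs no change, because the section is decrypted transparently at run time. With the provider's default machine-level DPAPI key the encrypted section can only be decrypted on the machine that encrypted it, so run this on the server itself.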
