Solved

Is it nessasery to encrypt connection strings ASP.net

Posted on 2012-03-23
5
465 Views
Last Modified: 2012-03-23
Hi I am new to asp.net and have now built my first site.
I just want to check if I should encrypt the connection strings. I looked into this when I first started but could not get it working (cannot remember why now). I noticed that i can not view the web.config file so thought no one else would.

But I just wanted to know if it is possible for other to see it and if so blockit or encrypt it.
0
Comment
Question by:taz8020
  • 2
  • 2
5 Comments
 
LVL 53

Assisted Solution

by:Dhaest
Dhaest earned 100 total points
ID: 37756636
Encrypting Configuration Information in ASP.NET 2.0 Applications

http://www.4guysfromrolla.com/articles/021506-1.aspx
0
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 37756639
It's possible for whoever has authorization for the folder where you web.config resides to view the file. Typically, this would only be admins for the machine in question. Ask yourself who will have direct access to the machine and its filesystem, and also what could happen if someone gain unauthorized access to your machine and its filesystem. That might help you decide whether or not to encrypt the web.config.
0
 
LVL 53

Assisted Solution

by:Dhaest
Dhaest earned 100 total points
ID: 37756646
How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI
http://msdn.microsoft.com/en-us/library/ff647398.aspx

Protecting Connection Information (ADO.NET)
http://msdn.microsoft.com/en-us/library/89211k9b.aspx
0
 
LVL 3

Author Comment

by:taz8020
ID: 37756855
Hi Thanks the web.config is in the root directory, which is where the default.aspx file is. If i try and view the file through a web browser I can not see it. I get an error saying
"The requested filtering module is configured to deny a path to the URL"

As I am the only person with access to the server and the only admin is it that important. As long as no one on the www can see it and change the database I dont see it being a problem?
0
 
LVL 75

Accepted Solution

by:
käµfm³d   👽 earned 400 total points
ID: 37756909
That is correct. By default, and as a security measure, web.config files are not served. You should not copy them to the website directory, but your code-behind files also would not be served if you deploy them to the web server. There are a couple of other files which are not served (I believe global.asax is one), but I cannot remember all of them. I'm sure they'd come up on a quick internet search.
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Add a Condition in ASP Repeater 6 34
How do I get the up & down arrow keys to navigate in an Autocomplete textbox list. 3 33
Easy filter aspnet 2 24
SSIS Start 2 20
Today I had a very interesting conundrum that had to get solved quickly. Needless to say, it wasn't resolved quickly because when we needed it we were very rushed, but as soon as the conference call was over and I took a step back I saw the correct …
A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Finds all prime numbers in a range requested and places them in a public primes() array. I've demostrated a template size of 30 (2 * 3 * 5) but larger templates can be built such 210  (2 * 3 * 5 * 7) or 2310  (2 * 3 * 5 * 7 * 11). The larger templa…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question