Solved

Is it nessasery to encrypt connection strings ASP.net

Posted on 2012-03-23
5
466 Views
Last Modified: 2012-03-23
Hi I am new to asp.net and have now built my first site.
I just want to check if I should encrypt the connection strings. I looked into this when I first started but could not get it working (cannot remember why now). I noticed that i can not view the web.config file so thought no one else would.

But I just wanted to know if it is possible for other to see it and if so blockit or encrypt it.
0
Comment
Question by:taz8020
  • 2
  • 2
5 Comments
 
LVL 53

Assisted Solution

by:Dhaest
Dhaest earned 100 total points
ID: 37756636
Encrypting Configuration Information in ASP.NET 2.0 Applications

http://www.4guysfromrolla.com/articles/021506-1.aspx
0
 
LVL 75

Expert Comment

by:käµfm³d 👽
ID: 37756639
It's possible for whoever has authorization for the folder where you web.config resides to view the file. Typically, this would only be admins for the machine in question. Ask yourself who will have direct access to the machine and its filesystem, and also what could happen if someone gain unauthorized access to your machine and its filesystem. That might help you decide whether or not to encrypt the web.config.
0
 
LVL 53

Assisted Solution

by:Dhaest
Dhaest earned 100 total points
ID: 37756646
How To: Encrypt Configuration Sections in ASP.NET 2.0 Using DPAPI
http://msdn.microsoft.com/en-us/library/ff647398.aspx

Protecting Connection Information (ADO.NET)
http://msdn.microsoft.com/en-us/library/89211k9b.aspx
0
 
LVL 3

Author Comment

by:taz8020
ID: 37756855
Hi Thanks the web.config is in the root directory, which is where the default.aspx file is. If i try and view the file through a web browser I can not see it. I get an error saying
"The requested filtering module is configured to deny a path to the URL"

As I am the only person with access to the server and the only admin is it that important. As long as no one on the www can see it and change the database I dont see it being a problem?
0
 
LVL 75

Accepted Solution

by:
käµfm³d   👽 earned 400 total points
ID: 37756909
That is correct. By default, and as a security measure, web.config files are not served. You should not copy them to the website directory, but your code-behind files also would not be served if you deploy them to the web server. There are a couple of other files which are not served (I believe global.asax is one), but I cannot remember all of them. I'm sure they'd come up on a quick internet search.
0

Featured Post

Forrester Webinar: xMatters Delivers 261% ROI

Guest speaker Dean Davison, Forrester Principal Consultant, explains how a Fortune 500 communication company using xMatters found these results: Achieved a 261% ROI, Experienced $753,280 in net present value benefits over 3 years and Reduced MTTR by 91% for tier 1 incidents.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Crystal reports login after closing form 3 40
Need to sort columns in DataGridView 4 41
Securing WEBAPI on Azure 2 28
Installing .NET 3.5 on Windows Server 2012 1 64
Problem Hi all,    While many today have fast Internet connection, there are many still who do not, or are connecting through devices with a slower connect, so light web pages and fast load times are still popular.    If your ASP.NET page …
Parsing a CSV file is a task that we are confronted with regularly, and although there are a vast number of means to do this, as a newbie, the field can be confusing and the tools can seem complex. A simple solution to parsing a customized CSV fi…
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an antispam), the admini…

696 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question