IandINSW
asked on
How to hide the database connection string in the web.config
I would like to encrypt the database connection string so our developers do not know what the password is to connect to our production database.
We have 3 environments. Dev, test and Prod. Dev and Test I have no issues with the Developer seeing the username and passwords unencrypted in the web.config file. But when moving to the production environment I would like to hide this information from the developer. Do I do the following?
run
C:\Windows\Microsoft.NET\F ramework\v 2.0.50727> aspnet_reg iis.exe -pe "connectionStrings" -prov "DataProtectionConfigurati onProvider " -app "/"
Encrypting configuration section...
Succeeded!
and then copy the resulting results to the web.config? Or is their another solution?
We have 3 environments. Dev, test and Prod. Dev and Test I have no issues with the Developer seeing the username and passwords unencrypted in the web.config file. But when moving to the production environment I would like to hide this information from the developer. Do I do the following?
run
C:\Windows\Microsoft.NET\F
Encrypting configuration section...
Succeeded!
and then copy the resulting results to the web.config? Or is their another solution?
I haven't confirmed the parameters of your command, but yes, you would use aspnet_regiis for this purpose.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.