Ask a Question related to ASP.NET Security, Design and Development.
-
A.M #1
DB Connection String
Hi,
I need to store the database connection string inside web.config file. What
would be the best way to encrypt and decrypt it?
Thanks,
Ali
A.M Guest
-
need help with connection string
i keep reading that it is not secure to hard code the connection string to the server into my swf. so how can i get the string into my swf without... -
connection string
Hi there, I have recently changed the connection string on a site that was working perfectly. I used an OLE DB connection with this code: var... -
String in Web.config to specify AD connection
I run a .NET based portal product. I am using windows authentication. This mode of authentication and the string specifying the connection to AD... -
'Connection String not work'..
I have this code looking at a registered dll, but i keep getting.. Object doesn't support this property or method: 'ConnectionString' line 9 <%... -
Encrypted Connection String
How would I go about taking my DB connection strings and putting them into my Web.Config file in encrypted form? Of course, I'd need to know how to... -
Joe Kaplan \(MVP - ADSI\) #2 Re: DB Connection String
The Configuration Management Application Block has nice built in support for
this as well as some other useful features. You might give that a swing.
[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/cmab.asp?frame=true[/url]
Joe K.
"A.M" <IHateSpam@sapm123.com> wrote in message
news:%23exvUji3DHA.2168@TK2MSFTNGP12.phx.gbl...What> Hi,
>
> I need to store the database connection string inside web.config file.> would be the best way to encrypt and decrypt it?
>
> Thanks,
> Ali
>
>
Joe Kaplan \(MVP - ADSI\) Guest
-
Alek Davis #3 Re: DB Connection String
Ali,
Check this tool: [url]http://www.obviex.com/cipherlite/[/url]. It is not very secure,
though (but neither is Configuration Management Application Block, since -
if I understand it correctly - it requires the encryption key to be stored
in plain text on the same system). Anyway, either option is still better
than keeping data unencrypted.
Alek
"A.M" <IHateSpam@sapm123.com> wrote in message
news:%23exvUji3DHA.2168@TK2MSFTNGP12.phx.gbl...What> Hi,
>
> I need to store the database connection string inside web.config file.> would be the best way to encrypt and decrypt it?
>
> Thanks,
> Ali
>
>
Alek Davis Guest
-
Hernan de Lahitte #4 Re: DB Connection String
Actually, the CMAB have a built-in security provider (DPAPIDataProtection
implementation) that no needs any key management to protect sensitive data.
[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/cmab.asp[/url]
--
Hernan de Lahitte - MSDE
Lagash Systems S.A. - Buenos Aires, Argentina
[url]http://www.lagash.com[/url]
"Alek Davis" <alek_xDOTx_davis_xATx_intel_xDOTx_com> wrote in message
news:#fqIjsv3DHA.2404@TK2MSFTNGP12.phx.gbl...> Ali,
>
> Check this tool: [url]http://www.obviex.com/cipherlite/[/url]. It is not very secure,
> though (but neither is Configuration Management Application Block, since -
> if I understand it correctly - it requires the encryption key to be stored
> in plain text on the same system). Anyway, either option is still better
> than keeping data unencrypted.
>
> Alek
>
> "A.M" <IHateSpam@sapm123.com> wrote in message
> news:%23exvUji3DHA.2168@TK2MSFTNGP12.phx.gbl...> What> > Hi,
> >
> > I need to store the database connection string inside web.config file.>> > would be the best way to encrypt and decrypt it?
> >
> > Thanks,
> > Ali
> >
> >
>
Hernan de Lahitte Guest
-
Alek Davis #5 Re: DB Connection String
Yes, but DPAPI has quite a few limitations. For example, in the plain form,
it cannot be used by ASP.NET (or any other Web) applications, and the
question was about Web.config, so DPAPI is not going to help here.
Alek
"Hernan de Lahitte" <hernan@lagash.com> wrote in message
news:uGPyVz13DHA.1804@TK2MSFTNGP12.phx.gbl...data.> Actually, the CMAB have a built-in security provider (DPAPIDataProtection
> implementation) that no needs any key management to protect sensitive[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnbda/html/cmab.asp[/url]>
>secure,>
>
>
>
> --
> Hernan de Lahitte - MSDE
> Lagash Systems S.A. - Buenos Aires, Argentina
> [url]http://www.lagash.com[/url]
>
>
>
> "Alek Davis" <alek_xDOTx_davis_xATx_intel_xDOTx_com> wrote in message
> news:#fqIjsv3DHA.2404@TK2MSFTNGP12.phx.gbl...> > Ali,
> >
> > Check this tool: [url]http://www.obviex.com/cipherlite/[/url]. It is not verysince -> > though (but neither is Configuration Management Application Block,stored> > if I understand it correctly - it requires the encryption key to be>> > in plain text on the same system). Anyway, either option is still better
> > than keeping data unencrypted.
> >
> > Alek
> >
> > "A.M" <IHateSpam@sapm123.com> wrote in message
> > news:%23exvUji3DHA.2168@TK2MSFTNGP12.phx.gbl...> > What> > > Hi,
> > >
> > > I need to store the database connection string inside web.config file.> >> > > would be the best way to encrypt and decrypt it?
> > >
> > > Thanks,
> > > Ali
> > >
> > >
> >
>
Alek Davis Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
