O'Reilly Forums: How To Handle Encryption Decription Of Connection String ? - O'Reilly Forums
Page 1 of 1
How To Handle Encryption Decription Of Connection String ?
Posted 14 October 2008 - 09:31 PM
I have created two functions that encrypt and decrypt the connection string in web.config. But whenever I want to use connection string. I have to always decrypt web.config and then again encrypt it back. Does there any other way which i can use.
I'm using section.SectionInformation.ProtectSection(" <encryption configuration provider> ") and section.SectionInformation.UnprotectSection()
Posted 15 October 2008 - 01:16 PM
There are a couple of alternate ways to store a connection string securely. If you have access to the registry on the web server, you could actually store the encrypted connection string in the registry using the aspnet_setreg utility and reference it there. More details on that at http://support.microsoft.com/kb/821616.
You could also save the connection string in its own config file and then replace the connectionStrings element in web.config with
<connectionStrings configSource="~/connectionstrings.config" />
Remember if you save the new config file in App_Data or App_Code the server will not pass the file over on direct request.
Hope that helps, Dan.
Share this topic:
Page 1 of 1
1 User(s) are reading this topic