O'Reilly Forums: How To Handle Encryption Decription Of Connection String ? - O'Reilly Forums

Jump to content

Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

How To Handle Encryption Decription Of Connection String ?

#1 User is offline   markpeterson59 

  • New Member
  • Pip
  • Group: Members
  • Posts: 1
  • Joined: 14-October 08
  • Gender:Male

  Posted 14 October 2008 - 09:31 PM

Hi Friends,

I have created two functions that encrypt and decrypt the connection string in web.config. But whenever I want to use connection string. I have to always decrypt web.config and then again encrypt it back. Does there any other way which i can use.

I'm using section.SectionInformation.ProtectSection(" <encryption configuration provider> ") and section.SectionInformation.UnprotectSection()
0

#2 User is offline   Dan_Maharry 

  • Active Member
  • PipPip
  • Group: O'Reilly Author
  • Posts: 23
  • Joined: 17-September 08
  • Gender:Male
  • Location:UK

Posted 15 October 2008 - 01:16 PM

Hi Mark,

There are a couple of alternate ways to store a connection string securely. If you have access to the registry on the web server, you could actually store the encrypted connection string in the registry using the aspnet_setreg utility and reference it there. More details on that at http://support.microsoft.com/kb/821616.

You could also save the connection string in its own config file and then replace the connectionStrings element in web.config with

CODE
<connectionStrings configSource="~/connectionstrings.config" />


Remember if you save the new config file in App_Data or App_Code the server will not pass the file over on direct request.

Hope that helps, Dan.
Dan Maharry
Author, Programming ASP.NET 3.5
(home : blog : tumblr)
0

Share this topic:


Page 1 of 1
  • You cannot start a new topic
  • You cannot reply to this topic

1 User(s) are reading this topic
0 members, 1 guests, 0 anonymous users