I need to encrypt sections of a web.config file for an application which is running on shared hosting. I cannot use the protected configuration feature in ASP.NET 2.0, given that the only way to create the encrypted sections in the first place is to run aspnet_regiis.exe on the server, to which I have no access, or use the configuration classes in System.Configuration, which require full-trust. The application is running with medium-trust.
So it appears that I need to implement my own custom encryption scheme, and now the problem is how to safely store the encryption key. And once again, all the classes in .NET which support this (and that I am aware of) appear to have been protected with code access permissions which are unavailable in medium-trust. Running applications on shared hosting is not uncommon, so I'm sure others must have dealt with this issue. So my questions are: - Is it possible to create a protected configuration section when running with medium-trust and no physical access to the server? - And if not, how can I safely store an encryption key, again, given the constraints of medium-trust? Thanks, Fernando Tubio =================================== This list is hosted by DevelopMentorĀ® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com
