The idea of encrypting the connection string is to make it more difficult
for someone with file system
access to get the SQL Server password.
What is to stop an admin who has file system access from dropping in an
asp.net script that prints the
decrypted connection string?
I guess this is maybe designed to protect from web server exploits but the
.config file type is not served
anyway.
Anyone care to explain where the benefit is in this? I've been curious
about it but all the books skip over
this *trivial* detail.
Chris F
_____
From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of
Ryan Olshan
Sent: Wednesday, May 03, 2006 9:08 AM
To: [email protected]
Subject: [Spam] RE: [AspNet2] Connection String Security in web.config file
Well. You have 2 options.
1) Use Windows authentication instead of SQL Server authentication.
2) Encrypt the connection string. See
http://weblogs.asp.net/scottgu/archive/2006/01/09/434893.aspx
Ryan
Thank you,
Ryan Olshan
Website - http://www.StrongTypes.com <http://www.strongtypes.com/>
Group - http://groups.yahoo.com/group/StrongTypes
Blog - http://blogs.strongcoders.com/blogs/ryan/
_____
From: [email protected] [mailto:[EMAIL PROTECTED] On Behalf Of
M. Muzamil Khan
Sent: Wednesday, May 03, 2006 6:54 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]; [email protected]; [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL PROTECTED];
[EMAIL PROTECTED]
Subject: [AspNet2] Connection String Security in web.config file
hi friends,
1)usually We keep the connection string in the
web.config file.but there is no security when we keep
there.so,whats the other alternative.
please answer to the above questions.
Regards,
Muzamil Khan
---------------------------------
How low will we go? Check out Yahoo! Messenger's low PC-to-Phone call
rates.
[Non-text portions of this message have been removed]
SPONSORED LINKS
Object
<http://groups.yahoo.com/gads?t=ms
<http://groups.yahoo.com/gads?t=ms&k=Object+oriented&w1=Object+oriented&w2=P
> &k=Object+oriented&w1=Object+oriented&w2=P
rogramming+languages&c=2&s=48&.sig=f6H4QQqcmcp9kaxQRYmjcw> oriented
Programming
<http://groups.yahoo.com/gads?t=ms
<http://groups.yahoo.com/gads?t=ms&k=Programming+languages&w1=Object+oriente
> &k=Programming+languages&w1=Object+oriente
d&w2=Programming+languages&c=2&s=48&.sig=r1ya7ggnEBNyfAH5-mYlDw> languages
_____
YAHOO! GROUPS LINKS
* Visit your group "AspNet2 <http://groups.yahoo.com/group/AspNet2> "
on the web.
* To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
* Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
<http://docs.yahoo.com/info/terms/> .
_____
[Non-text portions of this message have been removed]
_____
YAHOO! GROUPS LINKS
* Visit your group "AspNet2 <http://groups.yahoo.com/group/AspNet2> "
on the web.
* To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
<mailto:[EMAIL PROTECTED]>
* Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service
<http://docs.yahoo.com/info/terms/> .
_____
[Non-text portions of this message have been removed]
SPONSORED LINKS
| Object oriented | Programming languages |
YAHOO! GROUPS LINKS
- Visit your group "AspNet2" on the web.
- To unsubscribe from this group, send an email to:
[EMAIL PROTECTED]
- Your use of Yahoo! Groups is subject to the Yahoo! Terms of Service.
