[
https://issues.apache.org/jira/browse/STONEHENGE-15?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12775101#action_12775101
]
Nicholas A Hauenstein commented on STONEHENGE-15:
-------------------------------------------------
It looks like the only place where this still currently applies is in the
app.config file for the configuration service.
Correct me if I'm wrong, but I believe that only sections within web.config
files can be encrypted, not sections within app.config files. So with a WCF
service hosted in a console application, we will not be able to encrypt this
information. We could write code to do this manually, but we will have to store
the key somewhere, and likely this will be just as accessible as the config
file itself would be, defeating the purpose of encryption.
> Protect connection strings in Business Services and Order Processor solutions
> -----------------------------------------------------------------------------
>
> Key: STONEHENGE-15
> URL: https://issues.apache.org/jira/browse/STONEHENGE-15
> Project: Stonehenge
> Issue Type: Improvement
> Components: DOTNET_BS, DOTNET_OPS
> Environment: .NET trunk
> Reporter: Scott Golightly
> Assignee: Scott Golightly
> Priority: Minor
> Fix For: M2
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> The database connection strings are listed in plain text in the configuration
> files. .NET provides the means to encrypt the connection strings and
> automatically decrypt the values before using it. Encrypting the connection
> string is a best practice to protect the database login information.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
