How to securely protect web.config

Question

How to securely protect web.config

Perhaps I understand that this is all wrong, but since I realized that the best way to protect your connection string is to encrypt it, now I have these questions.

Question 1:

will encryption work in a co-hosting environment?

Question 2:

If I have an FTP service, can anyone upload an .aspx file and get a connection string through the namespace of the configuration manager?

+3

c # asp.net

Devmania Apr 26 '09 at 10:12

source share

3 answers

1: , .

2: , . , - Windows , Windows IIS. , .

+5

Paul Suart 26 . '09 10:21

Not the answer to your 2 questions, but: The best way to protect the connection string does not have a connection that requires a password in the connection string. NTLM or similar is much more secure. In addition, if users have access to FTP encryption, this is the so-called security by unknown, which can be easily canceled.

+1

Mash Apr 26 '09 at 10:57

source share

configurator · Accepted Answer · 2009-04-26T10:19:30+0000

Question 1:

What do you protect your connection string?

If it is against hackers, etc., if available to them web.config, your system is already compromised, and nothing you can do will help you.

(.. ), - , base64.

2:

, aspx - , .

How to securely protect web.config

More articles: