Encrypting the connection string in web.config file in C#

I have written the name of my database, username and password in my web.config file as connection string.

I want to encrypt this data. How can I do it?

<connectionStrings>
  <add name="ISP_ConnectionString" connectionString="Data Source=JIGAR;
             Initial Catalog=ISP;Integrated Security=True;
             User ID=jigar;Password=jigar123;"
             providerName="System.Data.SqlClient" />
</connectionStrings>
Brigadier Jigar asked Mar 17 '10 09:03


People also ask

Which of the following tools is used to encrypt connection string in Web config file?

To encrypt connection string information stored in the Web.config file: at the Windows command line, run the ASP.NET IIS registration tool (Aspnet_regiis.exe) with the following options: the -pe option, passing it the string "connectionStrings" to encrypt the connectionStrings element.

Is it safe to store connection string in Web config?

config based connectionstring, as it seems, is unsafe, because one can read it. But think about it: if a person can read your web.config, it means he can edit any file on your server anyway, as he has probably already hacked or gained access to the file.


1 Answer

You can just use the aspnet_regiis tool to do that; just do:

C:\WINDOWS\Microsoft.Net\Framework(64)\(.Net version)\aspnet_regiis -pe "connectionStrings" 

For a specific application you can use the app argument "-app application name", and for a specific site you can also use the site argument "-site site id".

For more details see http://msdn.microsoft.com/en-us/library/dtkwfdky.aspx.

Note that this works for a web application only and not for a Windows application.

Also note that you have to run it from a command prompt with elevated privileges ("run as administrator").

yoel halb answered Oct 19 '22 05:10
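
The procedure from the answer above as a script, followed by a check that the section really ended up encrypted. This is an added example, not code from the original answer; the virtual path `/MyApp` and the `web.config` location are placeholder assumptions to replace with your own.

```powershell
# Added example. Run from an elevated Windows PowerShell prompt ("run as administrator").
param(
    [string]$AppPath    = '/MyApp',                              # assumed IIS virtual path
    [string]$ConfigFile = 'C:\inetpub\wwwroot\MyApp\web.config'  # assumed physical path
)

# Use the framework directory of the running CLR instead of hard-coding a version folder.
$fxDir  = [System.Runtime.InteropServices.RuntimeEnvironment]::GetRuntimeDirectory()
$regiis = Join-Path $fxDir 'aspnet_regiis.exe'
if (-not (Test-Path $regiis)) { throw "aspnet_regiis.exe not found in $fxDir" }

# aspnet_regiis rewrites web.config in place, so keep a copy for rollback.
$backup = "$ConfigFile.bak"
Copy-Item $ConfigFile $backup -Force

# Encrypt the <connectionStrings> section of the application at $AppPath.
& $regiis -pe 'connectionStrings' -app $AppPath
if ($LASTEXITCODE -ne 0) { throw "aspnet_regiis failed with exit code $LASTEXITCODE" }

# Verify the result on disk rather than trusting the tool's console output.
[xml]$xml = Get-Content $ConfigFile -Raw
$section  = $xml.configuration.connectionStrings
if ($null -eq $section) { throw "No <connectionStrings> section in $ConfigFile" }

# An encrypted section names its protection provider and holds an <EncryptedData>
# element (in the XML Encryption namespace, hence the local-name() match).
$provider  = $section.GetAttribute('configProtectionProvider')
$hasCipher = $null -ne $section.SelectSingleNode("*[local-name()='EncryptedData']")
# Any remaining <add connectionString="..."> means credentials are still readable.
$plain     = $section.SelectNodes("*[local-name()='add'][@connectionString]")

if (-not $provider -or -not $hasCipher -or $plain.Count -gt 0) {
    throw "connectionStrings in $ConfigFile is still readable; backup kept at $backup"
}
Write-Host "connectionStrings encrypted with provider '$provider'"

# Verification passed: delete the backup, which still holds the plaintext password.
Remove-Item $backup
```

With the default provider the section is encrypted under a machine-level RSA key container, so the resulting file decrypts only on the server where the command ran. ASP.NET decrypts the section transparently at run time, so code that reads the connection string needs no change.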