Is the connectionString within the project safe when deploying to the cloud?

Question

I have found here an interesting blog that explains how to secure the visibility of the connection string from the developers. http://blogs.msdn.com/b/sqlazure/archive/2010/09/07/10058942.aspx

As I am the only developer on my project, I wouldn't be concerned about that, however I am concerned about two things

1. While deploying the package to Azure Cloud, is my connection string within the project in risk to be seen by third party? Or is the whole package file encrypted?

2. Once the package is deployed, can the connectionstring be read from web? Or is it secure and bulletproof?

Answer 1

If you deploy using SSL (via Visual Studio or a tool like Cloudberry Explorer) then the config files get to the Azure data-centre ok.

Once they are there I believe the config files can be viewed by anyone who has

1. access to the blob storage account that you uploaded to
2. access to the Silverlight GUI that Microsoft provide
3. access to the 'Remote Desktop' option (which you have to enable with certificates).
4. access to any management certificate you might have uploaded

So basically, as long as the right people have the right credentials you are ok.

If you are the only person who knows the login to the Azure Web UI and you are the only one who knows the storage keys and has the certificate keys then I would say it's pretty bullet proof.