 

Should I encrypt web.config on shared hosting?

Good day all. I've taken out some .NET hosting with web fusion but am fighting to get answers regarding their security setup.

Specifically, I'm used to full trust environments as I work for a large utilities company.

Usually I would encrypt some or all of my web.config. This I cannot do on their medium trust IIS7 environment, nor will they let me install an RSA key specifically for my application.

So is my configuration file really that safe? I have fears of someone stealing all my sensitive data from my database using the unencrypted connection string.

Barbloke6 asked Aug 10 '10 10:08




1 Answer

You are under a serious delusion thinking encrypting web.config helps. What you are afraid of mostly is someone breaking into your account, and if I can replace your web application, the fact that the connection string is encrypted sort of is pointless as I HAVE TO HAVE access to the decryption key anyway.

So, I can, under any circumstance, always access the database anyway.

TomTom answered Sep 20 '22 01:09
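
The point made in the answer can be checked from inside the application itself. The following C# is an added example, not code from this thread; the class name `ConnectionStringReport` is hypothetical and it assumes a reference to System.Configuration. It reports whether the `connectionStrings` section is encrypted on disk and whether each entry embeds a password, without ever printing the secret.

```csharp
// Added example, not from the original thread.
// Assumes a project reference to System.Configuration.
using System;
using System.Configuration;
using System.Data.Common;
using System.IO;

public static class ConnectionStringReport
{
    // Keywords that carry a secret in common ADO.NET connection strings.
    private static readonly string[] SecretKeys = { "Password", "Pwd" };

    public static void Write(TextWriter output)
    {
        var section = (ConnectionStringsSection)
            ConfigurationManager.GetSection("connectionStrings");

        // True when the section is stored encrypted in web.config.
        bool encryptedOnDisk = section.SectionInformation.IsProtected;
        output.WriteLine("connectionStrings encrypted on disk: {0}", encryptedOnDisk);

        foreach (ConnectionStringSettings entry in section.ConnectionStrings)
        {
            // The configuration system has already decrypted the value here,
            // so the application holds the plaintext either way.
            var builder = new DbConnectionStringBuilder();
            bool hasSecret = false;
            try
            {
                builder.ConnectionString = entry.ConnectionString;
                foreach (string key in SecretKeys)
                    hasSecret |= builder.ContainsKey(key);
            }
            catch (ArgumentException)
            {
                // Malformed connection string: report it and move on.
                output.WriteLine("{0}: could not be parsed", entry.Name);
                continue;
            }
            output.WriteLine("{0}: plaintext available in-process, embedded password = {1}",
                             entry.Name, hasSecret);
        }
    }
}
```

Calling `ConnectionStringReport.Write(Response.Output)` from a temporary diagnostics page gives the same per-entry result whether or not the section is encrypted; only the first line of the report changes.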