Menu
Good day all. I've took out some .net hosting with web fusion but are fighting to get answers regarding their security set up.
Specifically i'm used to full trust enviroments as i work for a large utilities company.
Usually i would encrypt some / all of my web.config, this i cannot do on their medium trust IIS7 enviroment, nor will they let me install i RSA key specificically for my application.
So is my configuration file really that safe?, i have fears of someone stealing all my sensitive data from my database using the unencrypted connection string?
999
Encrypting a Web Configuration Sectionconfig file will be encrypted and the -site option to identify which Web site the application is a part of. The Web site is identified using the site number from the Internet Information Services (IIS) metabase.
To secure passwords for configuration parameters, you can use an encrypted password file, separate from the configuration files. The pr0pass program maintains the password file, encrypting passwords for parameters in the configuration files.
It means that connection specific information such as database name, username, and password are stored as a clear text in a file. This is definitely a security concern for your Production servers. This is why the connection strings should be encrypted.
You are under a serious delosion thinking encrypting web.config helps. What aou are afraid of mostly is someone breaking into your account, and if I can replace your web application, the fact that the connection string is encrypted sort of is pointless as I HAVE TO HAVE access to the decryption key anyway.
So, I can, under any circumstance, always access the database anyway.
69
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
