Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Why some asp.net developers encrypt ConnectionStrings?

Tags:

asp.net

asp.net-mvc

configuration-files


I seen some asp.net developers encrypt ConnectionStrings that was included in separate config file.
Why they did that ? I know that config files are unreadable from the client side/browser! Is it possible to access to this kind of files ?

like image 383
Dot Freelancer Avatar asked Mar 08 '12 13:03

Dot Freelancer

People also ask

Should you encrypt connection strings?

It means that connection specific information such as database name, username, and password are stored as a clear text in a file. This is definitely a security concern for your Production servers. This is why the connection strings should be encrypted.

How can we secure the ConnectionString from being hacked?

The best way to secure the database connection string is to encrypt the value within the configuration file. The application would then load the encrypted value from the config file, decrypt the value, and then use the decrypted value as the connection string to connect to the database.

Is it safe to store connection string in web config?

config based connectionstring as seems is unsafe, because one can read it. But think about it, if a person can read your web. config, means he can edit any file on your server anyways as he probably already hack or gain access to file.

1 Answers

You can't rule out that the web box is compromised. Also, you don't want the web admins to know passwords to databases.

You need to remember that config files cannot be obtained by the browser just because .config extension is in the list of restrictions in IIS metadata. It may be possible to get them from the server in other way or some misconfiguration problem may allow them to be downloaded.

like image 198
Jakub Konecki Avatar answered Oct 21 '22 03:10

Jakub Konecki
Sign in to Comment

Related questions

Suggestions for simple .NET distributed caching solution
How to store password in encrypted format in database entered from web application?
What is the future of ASP.NET MVC framework after releasing the asp.net Web API
ASP.net MVC site : Redirect all "non WWW" request to WWW
Current Month and year in sql server 2008 r2 [closed]
Synchronous Vs Asynchronous related to web services
Entity Framework - "New transaction is not allowed because there are other threads running in the session"
Why ASP.NET Core convert Persian(or Arabic) text to Character reference (&#xhhhh;) in view
ExceptionFilter vs ExceptionLogger vs ExceptionHandler in Web API 2
What's the best way to remove <br> tags from the end of a string?
What is the best method to keep bots from spamming your blog?
Scalability Case Studies
DataTable to Json using jquery
Can the ASP.NET Yellow Screen of Death (YSOD) be generated on demand or captured?
Why do I get a thrown exception when I run Response.Redirect()?
ASP.NET: Call function in MasterPage through UserControl
Can you modify the web.config and NOT restart the ASP.NET application? [duplicate]
What is you favourite approach to check if a HTML COLOR is valid?
how to get selected item in CheckBoxList in Asp.net
Windows Authentication - Getting current user name

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!