Re: Again: Protecting ConnectionString in web.config
From: Chris Jackson (chrisjATmvpsDOTorgNOSPAM)
Date: 12/02/03
- Next message: tlthompson_at_west.com: "Re: Windows Authentication"
- Previous message: David: "Logon popup for intranet application"
- In reply to: bigMAC: "Again: Protecting ConnectionString in web.config"
- Next in thread: Alek Davis: "Re: Again: Protecting ConnectionString in web.config"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 2 Dec 2003 11:47:27 -0500
The most secure way is to use Windows authentication, so you don't have a
connection string.
If you must use SQL Authentication, then look into the command line utility
aspnet_setreg, which will encrypt and store in the registry (using strong
ACLs) the connection string.
The bottom line: the aspnet_wp process must be able to decrypt the
connection string if it intends to pass it. If your box is compromised to
the point where the attacker can do anything the aspnet_wp process can do,
then they can read it, but that goes without saying. The only way to prevent
an attacker who has compromised a system to that level is to not have
anything valuable stored at all. So, you can mitigate the damages by having
that connection string provide you with only the access that you need for
that one application to run. Denydatareader and denydatawriter, and give
execute permissions on only those stored procedures that you need to access
to make the application run, so the attacker can do nothing more than make
the application do what it would be doing anyway.
--
Chris Jackson
Software Engineer
Microsoft MVP - Windows Client
Windows XP Associate Expert
--
More people read the newsgroups than read my email.
Reply to the newsgroup for a faster response.
(Control-G using Outlook Express)
--
"bigMAC" <tylun_guy@hotmail.com> wrote in message news:ca8ae5c3.0312011823.5e9212d@posting.google.com...
> Hi,
>
> Today, I met a problem from my boss: how to protect the connection string in web.config if a cracker gains full control of the Windows server where IIS is located?
>
> At first, he said plaintext is unacceptable. After some searching, I reported some solutions:
>
> I said store it in the registry; my boss asked: he can read it through regedit.
>
> I said the encrypt/decrypt connection string method that is widely found on the Internet; he asked: if the cracker traces the program, he can properly decrypt it programmatically. The same: hardcoding the string in a DLL is also banned.
>
> I said Windows auth of SQL Server 2000; he asked: if the cracker gains full control, this is useless.
>
> After that, I countered: if a cracker gains full control of the server, any protection is already useless.
>
> He said: IIS is easily attacked, so we must think of such a situation.
>
> At last, I wanted to ask: why did you choose ASP.NET, which must bind to IIS, even though you have such concerns????? But I had not.
>
> I'm not trying to talk about the vulnerability of IIS, but this is real talk from my boss.... Anyway, any solution or comment on this silly conversation is welcome.
>
>
> Thank you very much
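The least-privilege setup Chris describes (deny table reads and writes, grant EXECUTE only on the procedures the application calls), written out as T-SQL. This is an added example, not code from anyone in the thread; the database, login, user, table and procedure names are hypothetical placeholders, and the CREATE LOGIN / CREATE USER / EXECUTE AS syntax is SQL Server 2005 and later (SQL Server 2000, current when this was posted, uses sp_addlogin and sp_grantdbaccess instead; sp_addrolemember and GRANT EXECUTE work on both).

```sql
-- Added example (not from the thread): a least-privilege login for an
-- ASP.NET application, following Chris Jackson's advice above.
-- All object names here are hypothetical placeholders.

USE master;
GO
-- Dedicated SQL login used only by this one application.
CREATE LOGIN app_orders_login WITH PASSWORD = 'REPLACE-WITH-A-STRONG-PASSWORD';
GO

USE OrdersDb;   -- hypothetical application database
GO
CREATE USER app_orders_user FOR LOGIN app_orders_login;
GO

-- Deny direct table access in both directions. DENY takes precedence over
-- any GRANT the user might later pick up through another role.
EXEC sp_addrolemember 'db_denydatareader', 'app_orders_user';
EXEC sp_addrolemember 'db_denydatawriter', 'app_orders_user';
GO

-- Grant EXECUTE only on the procedures the application actually calls.
-- Because the procedures and the tables share an owner (dbo), ownership
-- chaining lets the procedure body touch the tables even though the caller
-- cannot SELECT from or write to them directly. Anyone holding this
-- connection string can therefore only do what the application already does.
GRANT EXECUTE ON dbo.usp_GetOrderById TO app_orders_user;
GRANT EXECUTE ON dbo.usp_PlaceOrder   TO app_orders_user;
GO

-- Verification: impersonate the application user and list its effective
-- permissions on a table and on one of the granted procedures.
EXECUTE AS USER = 'app_orders_user';
SELECT HAS_PERMS_BY_NAME('dbo.Orders',         'OBJECT', 'SELECT')  AS can_select_orders,
       HAS_PERMS_BY_NAME('dbo.Orders',         'OBJECT', 'INSERT')  AS can_insert_orders,
       HAS_PERMS_BY_NAME('dbo.usp_PlaceOrder', 'OBJECT', 'EXECUTE') AS can_exec_place_order;
REVERT;
GO
```

Run the verification block after any permission change: the login is correctly locked down only when the two table columns come back 0 and the procedure column comes back 1. If a procedure is later moved to a different owner (or the table is), ownership chaining breaks and the procedure will start failing with a permission error, which is the expected signal to review the grants rather than to widen them.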