Re: Secure user name and Password in Web Config
- From: Dominick Baier <dbaier@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 14 Jan 2008 07:17:34 +0000 (UTC)
have a look at the protected configuration feature in .NET (and the aspnet_regiis tool)
-----
Dominick Baier (http://www.leastprivilege.com)
Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
I want to be able to securely encrypt a user name and password for a
web app.
The user name/password is to be used in for authorization to a web
service
not a db. For security reasons the company wants to encrypt what is in
the
web config file and be able to move the web app to different machines
without
having to re-encrypt it.
Is this possible?
Is there a security hole in this procedure that might be better
handled by a
call to a web service app holding the user name and password?
Thanks,
Marc
.
- Prev by Date: ASP.NET application having sysadmin privileges
- Next by Date: Re: LOGOFF the client browser from Windows authentication
- Previous by thread: ASP.NET application having sysadmin privileges
- Next by thread: Re: LOGOFF the client browser from Windows authentication
- Index(es):
