Re: Encrypting connection string in app.config

In this case there's no web server involved. Everything resides on the same
server.

-G


"William Stacey [MVP]" <william.stacey@xxxxxxxxx> wrote in message
news:uEVGiXfxGHA.2400@xxxxxxxxxxxxxxxxxxxxxxx
Is string at client side or on server side (i.e. web server)?

--
William Stacey [MVP]

"Gilgamesh" <gilgamesh4ever@xxxxxxx> wrote in message
news:OHwdJ8YxGHA.3888@xxxxxxxxxxxxxxxxxxxxxxx
| Is there anyway to encrypt the connection string using an algorithm
which
is
| FIPS 140-2 certified, and then store the key in a FIPS 140-2 certified
| hardware store? We know that DPAPI doesn't do that. We also know that
RSAENH
| is certified, but is there a way to use that to encrypt the connection
| string in the app.config?
|
| Any input will be appreciated,
| Gilgamesh
|
|




.

Relevant Pages

  • Re: Encryption of Connection String
    ... SSL or IPSEC to secure the connection between the Web Server ... > If the connection string is for the session state server, ... Use the ASP.NET Utility to Encrypt Credentials and Session ...
    (microsoft.public.sqlserver.security)
  • Re: connectionstring & web farm
    ... You can encrypt separately on each machine, but you will have to encrypt ... "hard coded" unless you put source on the web server. ... Registry is an option that is more secure than config, ... web applications which all are using the same connection string. ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: connectionstring & web farm
    ... the scenario used in this question was a web farm configuration (3 ... I know all the machines in the web farm need to have the connection string. ... Placing the connection string in Machine.config on every web server can from ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Encryption of Connection String
    ... Do you know what level of encryption IS applied to the connection string? ... > to the SQL Server via SQL authentication the password is only ... Thus you might have made all this effort to encrypt the ... > Authentication is always the preferred option unless you are using ...
    (microsoft.public.sqlserver.security)
  • Re: encryption
    ... Thanks for the responses. ... My only concern is with passing unencrypted passwords from the web server to the d3 server. ... Our plan is to never allow passwords to never appear unencrypted at any point in the transaction and to validate passwords only by comparing encrypted values. ... I know how to encrypt a password in D3 but would like to encrypt the password on the web side and pass it already encrypted to D3. ...
    (comp.databases.pick)