Encryption of Connection String
From: paul reed (prreed@jacksonreed.com)
Date: 12/29/02
- Next message: Richard Waymire [MS]: "Re: Transferring logins form 6.5 to 2000, anyone?!"
- Previous message: Mary Chipman: "Re: Application Security"
- Next in thread: Gang Guo [MSFT]: "RE: Encryption of Connection String"
- Reply: Gang Guo [MSFT]: "RE: Encryption of Connection String"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "paul reed" <prreed@jacksonreed.com> Date: Sun, 29 Dec 2002 10:08:04 -0800
I currently keep my connection string in web.config as clear text. Prior to
going to production I want to encrypt this string (or just the password) and
then after retrieving
it at app startup I want to decrypt it.
I don't want to use the registry to store the encryption key or the
encrypted string...there are many suggestions out there but all point to the
evils of having to store the encrypt key somewhere (so you can decrypt the
connection string at a latter time). One thread I found say to create a
one-way hash...but of course no sample code along with that suggestion.
Can anyone point me in the right direction. I have checked all the sample
MSDN applications (Duwamish, etc...) and they all say, "...now in a real
application, you should encrypt either the whole connection string or at
least the password"...so they offer no code to do this.
What is the best approach?
Thanks in advance.
- Next message: Richard Waymire [MS]: "Re: Transferring logins form 6.5 to 2000, anyone?!"
- Previous message: Mary Chipman: "Re: Application Security"
- Next in thread: Gang Guo [MSFT]: "RE: Encryption of Connection String"
- Reply: Gang Guo [MSFT]: "RE: Encryption of Connection String"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
