Hide Database Password

Question

Hide Database Password

Navigation

#1 by (0 votes)

0

Good afternoon,

I have some websites whose database password, I store in a connection string, in web.config.

Any programmer who has access to ftp hosting can read the web.config file and view the database password.

Is there any way to hide the database password?

asp.net web.config

asked by anonymous 24.07.2017 / 20:11

1 answer

infinite scroll with angled problem loading DB data TextView does not appear for some reason

score 0 · Answer 1

You can encrypt your web.config file with a component called aspnet_regiis.

To encrypt the sections and the web.config file.

In a text editor, open the web.config file for your application. If you do not have a Web.config file for your ASP.NET application, open a text editor, copy the sample configuration into a new file, and then save the file in your ASP.NET Web application directory as web .config.

Make sure that there is a child element and a child element for the element, as shown in the following example.

<configuration>
   <connectionStrings>
      <add name="SqlServices" connectionString="Data Source=localhost;Integrated Security=SSPI;Initial Catalog=Northwind;" />
   </connectionStrings>

   <system.web>

     <machineKey validationKey="D61B3C89CB33A2F1422FF158AFF7320E8DB8CB5CDA1742572A487D94018787EF42682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"
       decryptionKey="FBF50941F22D6A3B229EA593F24C41203DA6837F1122EF17" />

   </system.web>
</configuration>

Close the web.config file.

At the command prompt, change the directory to the .NET Framework version 2.0 directory by typing the following command: cd \ WINDOWS \ Microsoft.Net \ Framework \ v2.0. *

At the command prompt, run the Aspnet_regiis.exe tool with the following options: The -pe option and the "connectionStrings" string to encrypt the connectionStrings element of the web.config file for your application. The -app option and the name of your application. For example, the following command encrypts the section of the web.config file for an application called MyApplication. aspnet_regiis -pe "connectionStrings" -app "/ MyApplication"

Repeat the previous step for the element's edge element, as shown in the following example: aspnet_regiis -pe "system.web / machineKey" -app "/ MyApplication" Do not close the Command Prompt window.

Open web.config and then view the encrypted content. The content will look similar to the following sample web.config file.

For more information, the official Microsoft website can give you more information! link