Web Development

Hi all,
The registry option isn't really the one for us, so we use the web.config. There is only a big risk, that when a hacker is on your box, the string can be read easily.
Is there maybe a secure and easy to deploy way to protect it?

Grtz,

Wouter

Is there a way to change the connection string in the web.config file, from a form.

Storing the connection information in our Web Server's registry has worked well for us. It provides security and a central location for storing and maintaining the information. One thing we have been contemplating is encrypting the data stored in the registry, but we have not implemented it at this point.

The key element within the configuration XML should be contained in an appSettings element like the following:

<configuration>
<appSettings>
<add key="dbconnection" value=" server=(local);Initial Catalog=Northwind;UID=tester;PWD=123456"/>
</appSettings>
</configuration>

-Tony.

I've recently started keeping path information, which is the part of the connection string most likely to change, separate from the user name and password information. Path info can be kept in web.config, and user name and password can be kept whereever needed to meet the security needs of your application.

Let's face it.

If someone gains access to your server, there is nothing you can do about security. You can make it harder, but not foolproof.

The hardest way I can think of right now is to encrypt the entire system, including binaries and dated key itself, using full machine image checksum and machine id, and have it decrypted on the fly, which is currently beyond the ability of the OS; the original software would be on a different machine, executables of which would be copied to the executable machine, write permission one time only like reformat, with no reference to the source machine, all writable persistent data being accessed through separate security-dialoged encrypted database sessions.

Good luck!