Loading ...

connectionString and securing passwords

Who is online?  0 guests and 0 members
home  »  forums   »  asp.net topics   »  security   » connectionString and securing passwords

connectionString and securing passwords

Posts under the topic: connectionString and securing passwords

Posted: 6/3/2011

user810420
user810420
Lurker 10  points  Lurker
  • Joined on: 6/3/2011
  • Posts: 2

Is there anyway to create a valid connectionString without having a plain-text password in a file on the server? I can't use Windows authentication, because it is an Internet (as opposed to Intranet) application. So as far as I can tell, my connectionString must contain  "UserName=*;Password=*;" elements. This needs to be either hard coded into an ASPX web page, or stored in the web.Config file. If someone hacks their way into accessing these files, then they have the password to the Database, as well. Is there anyway to avoid this?

Posted: 6/5/2011

hajan
Hajan Selmani
Professional 8505  points  Professional
  • Joined on: 5/3/2010
  • Posts: 391
  Answered

Yes. You can encrypt the password in your web.config file.

Check the following articles:

Hope this helps,
Hajan


   
Don't forget to Mark As Answer the answers that helped you solve your issue

Posted: 6/6/2011

mrkraju
ramakrishnamraju mudunuri
Lurker 125  points  Lurker
  • Joined on: 5/24/2011
  • Posts: 9
  Answered

 

http://msdn.microsoft.com/en-us/library/Aa302403


Virtual Dotnet.
Get code samples and source code.
http://www.virtualdotnet.com
Page 1 of 1 (3 items)