Home>Network programming tutorial>ASP.NET tutorial

ASP.NET2.0 blind memory-encrypted link string

Author:Eve Cole Update Time:2009-06-30 16:44:56

Usually the connection string with the database is placed in the web.config file, because there is an API that can directly access and retrieve data.
But there are also some security issues. The database connection string is in clear text in the .config file.
There is a tool like the ASP.NET IIS registration tool (Aspnet_regiis.exe) in .NET, which can encrypt the sections of the site's .config file.

Encryption: aspnet_regiis -pef "The name of the configuration section in the encrypted web.config" "The directory where the web.config file is located"
Decryption: aspnet_regiis -pdf "The name of the configuration section in the encrypted web.config" "The directory where the web.config file is located"

before encryption:
<connectionStrings>
<add name="pubsConnectionString" connectionString="Data Source=MHLSQL2000;Initial Catalog=pubs;User ID=sa;Password=sql2000"
providerName="System.Data.SqlClient" />
</connectionStrings>
After encryption:
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type=" http://www.w3.org/2001/04/xmlenc#Element "
xmlns=" http://www.w3.org/2001/04/xmlenc #">
<EncryptionMethod Algorithm=" http://www.w3.org/2001/04/xmlenc#tripledes-cbc " />
<KeyInfo xmlns=" http://www.w3.org/2000/09/xmldsig #">
<EncryptedKey xmlns=" http://www.w3.org/2001/04/xmlenc #">
<EncryptionMethod Algorithm=" http://www.w3.org/2001/04/xmlenc#rsa-1_5 " />
<KeyInfo xmlns=" http://www.w3.org/2000/09/xmldsig #">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>e15rhABrAtua53kjZ2a3U+ijC/Hr5ZhGUWGL5swkfxJaHS6hxGacw7CxyNlhnJwRc44ZE2edsKRfSJeXPS76fe4znlE5BqaxMMMWK+yFMiuWM+Cor1DFffheRNjAB7pMYdRQoMRCBq6H18gx IGlRY1dXtUERzNLJ5ug+S/qdj8E=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>Y1SjIK04jc0cS8Fg7EJyLoiXAUWc+I708SOsebWHeihg4kRFEF4wGvQLyrZQqFXNUIm56tIktQgapd7px92nfwAzYFv8R2gYV/7JwjfbjpM1v27p5WgNycJbo8H4uNj4 LwgPfoqy2Dl41geMFHXCOak8IWxrA8MkbpIsKHFTJNkMo9yph+vVUMdViwaBSOKONSrXJ2k16kjHoSjJe1VP6WfMFZCeL7+nMuLf4sNZc34d0fl3S50H+kNwZre9MkUCSLr5pImCv5fhgHP+Ee9 QwS8ahvOvRwUY7kWMr+M+jKoS+FDbhuRIkcbWaPP75XzdmyBN/vGwcMfX63faA9vdNOsl1a75Kd0L</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>

http://matrix.cnblogs.com/archive/2006/07/08/445676.html
Related Articles