Security :: Encrypting Connection String In Web.config In Shared Hosting Environment?
May 27, 2010
My problem is that I'm going to have a SQL Server database and website that accesses that database via a hosting provider, most likely GoDaddy.com, using ASP.Net. I need to make sure the connection string in the web.config file is as secure as possible, because the database will actually be storing trivia questions for a game I'm developing, and the clients will be accessing these questions, saving specific state related details, and other details, to the database, so every player that plays the game will have their details stored in this database. I need to ensure hacking is very difficult to accomplish.
From my research it appears as though the only viable solution for your web.config when you've got a hosting account with something like GoDaddy.com is to use SQL Server security to connect to your SQL Server database and place those details in the web.config file. Is this correct? It seems that this is the most likely scenario for most users, because we don't have access to our hosting providers IIS servers in order to use Windows authentication with SQL Server access and then use DPAPI encryption from there.
View 2 Replies
Similar Messages:
Jun 1, 2010
I have looked for ideas on this and read several posts but none of them seems to be because the problem is that web.com (my host) doesnt allow us to update web.config on their server programmatically. I can use example codes and encrypt them on my local pc but heres the error i get when I run them on the live site:
An error occurred loading a configuration file: Request for the permission of type 'System.Security.Permissions.FileIOPermission, mscorlib, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089' failed. (machine.config)
View 2 Replies
Sep 23, 2010
Is aspnet_regiis.exe secure? If i encrypt using aspnet_regiis.exe, will it automatically decrypt the string and wont give any error? Need an insight into this stuff.... Is Rsa the best option or wat? Wat's the best way to encrypt/decrypt programmatically?
View 10 Replies
Jul 2, 2010
i am currently developing an asp.net mvc 2 web application and i would like to create new foldersprogrammatically with access rights, in order to enable loged on users upload their image files.My question has to do with how to assign write access using Directory.CreateDirectory function and assigning DirectorySecurity rules (meaning for which user should i enable user rights, etc...). Note that the hosting envirnoment uses IIS 7.
View 1 Replies
Mar 24, 2013
I have developed an e-comm web site in asp.net with sql server as a database. Now I want to upload that web site with DB to hosting server. This is my first web hosting and I don't know how to do it.
I've created the DB script to recreate the DB at the hosting server, but I don't know how to run it on server.
What changes need to be done in my connection string in web.config file for connecting the DB which will be on hosting server.
I also have ftp client "Filezilla" which i am able to use for uploading static html pages on server.
My connection string is:
<add name="DBCS" connectionString="data source=(local)SQLEXPRESS;database=LAAFOOD;Integrated Security=SSPI;" providerName="System.Data.SqlClient"/>
View 1 Replies
Apr 28, 2014
What will change in connection string after upload database to hosting?
View 1 Replies
Mar 30, 2010
When I try to encrypt the "connectionStrings" section in the web.config file of my asp.net web application on Windows Server 2008, I'm getting the following error:
Administration utility (2.0.50727) to install and uninstall ASP.NET on the local machine. Copyright (c) Microsoft Corporation. All rights reserved. Note: This utility has limited capabilities on the Windows Vista operating system. It is recommended that you use the "Turn on or off Windows features" option of the "Programs" component of Control Panel to install or remove ASP.NET. It is also recommended that you use the IIS Manager component or the Appcmd.exe tool to configure ASP.NET applications.
The above information is followed by the list of valid options to aspnet_regiis.exe.
The command that I've used is:
aspnet_regiis.exe -pef "connectionStrings" "C:Usersuser1DocumentsMywebsite" -prov "DataProtectionConfigurationProvider"
But, the same command is working fine when used on a Windows Server 2003 machine. The problem is occurring only on Windows Server 2008 with IIS7.
View 1 Replies
Jun 24, 2010
Is there anyway to convert any video that has been uploaded by the uplaod control to a flv fromat in a shared hosted enviroment or is there any dll etc to use ?.
View 8 Replies
Oct 4, 2010
Is there a way to email any error message a user recieves to a mailbox.
Basically if the user recieves one of the asp.net error pages is there a way for that message to be emailed to a mailbox for me to look into?
It is on a shared hosting environment.
View 1 Replies
Dec 14, 2010
I received some code, a small c# asp.net application which manually posts a shared username/pwd to a 3rd party website for auto-logins from our intranet site. During transit the password is encrypted, but not within the application. Within this application a namevaluecollection is used and the username and password are hard coded. Originally the thought was, who cares if its hard coded because its shared between everyone anyway. Now we want to encrypt the username and password from within the application. I'm not sure the best way to accomplish the goal of making sure the password is encrypted "at rest". Normally I've seen passwords stored and encrypted within a database. I know we'll obviously have to move the password out of the application and store it somewhere else, I'm just not sure where. Do we move the username and pwd to the web.config file? I really am not sure the best way to approach this.
View 1 Replies
Mar 4, 2010
MembershipUser newUser = Membership.CreateUser(UsernameTextbox.Text, PasswordTextbox.Text);In web.config i have connection string but i would like to use MemBershipUser on different connection string.
View 1 Replies
Jul 16, 2010
My boss does like storing the connection string and credentials in the web.config - even when its encrypted.
He also doesnt want the IIS box and SQL box to both be in the same domain, or have trusted domains.
Is there a more secure method of connecting to SQL? Is there some kind of token login?
View 3 Replies
Feb 16, 2010
I have been searching internet in order to secure my connection string in the web.config file and setting the Login controls connection strings in runtime
TEverything about encrypting connection strings works fine on local machine. I can do it programmatically and on aspnet_regiis.exe
My questions are How can I set the connection string to any login control in runtime? How can I encrypt my connection string on my shared hosting ?How can I use aspnet.regiis.exe to encrypt my config file on shared hosting ? How to define the commands ?If I can find a solution to my 1st question, 2nd doesnt matter anymore.
View 4 Replies
Feb 2, 2011
I have a db connection string 'ApplicationServices' defined in the connectionString section of web.config and 3 Entity Framework connection strings which have the provider connection string attribute with the same connection string as the one in 'ApplicationServices'. Is there a way to reference connectionString in 'ApplicationServices' for the provider connection string attribute of the EF connection string in the web.config, rather than providing the connection string all over again?
View 1 Replies
May 3, 2010
I am wondering how to encrypt the below information in the "web.config" file of the "Account" folder (where we have the secured pages):
[Code]....
My issue here is that even after I compiled my application (using "aspnet_compiler -v /reports c:
eports"), the information inside the web.config file of the Account folder still not encrypted, and I want to publish my site to the customer server. So, since this server is a customer server, then they can access this "web.config" file and change our web-application security behaviour (correct me if I am wrong). Basically, I don't want the customer to even have access to our secured pages when they access our web-application using the web browser. How to solve this issue?
View 2 Replies
Nov 12, 2010
I have written a couple methods that encrypt and decrypt the appSettings section of my web.config file using the WebConfigurationManager. I just hooked up the methods to the page_load event to test that it works, which it does. Now I need to deploy to a web farm and need advice. What is the best way to make it so I can encrypt, but more importantly decrypt the web.config when I need to? I thought about putting a hidden page with "encrypt" and "decrypt" buttons, but that seems risky. What is the "accepted" method for rolling out something like this?
View 1 Replies
Mar 15, 2011
just for my testing purpose i know i can define both the connection's outside in a single web config file by different name's and access them in my front end according to it but what if i want to have seprate for both connection's web.config situation is like this see image so i want to access my connections from second web config file how i can do that.
[Code]...
i tired this but its giving error
[Code]....
View 1 Replies
Dec 20, 2010
I have created a web site in Visual Web Developer 2008 Express Edition. I have created database using SQL Server Express. The web site works good. I have hosted the web site, then getting error in connecting to database.
The connection string is
<
add
name="QkINDUSConnectionString"
connectionString="Data
Source=.SQLEXPRESS;AttachDbFilename=|DataDirectory|QkINDUS.mdf;Integrated Security=True;User Instance=True"
providerName="System.Data.SqlClient"/>
know what is the correction i need to make in ConnectionString ?
View 3 Replies
Oct 18, 2010
I am preparing for an Access2007 db conversion at the beginning of the year and would like to know what the best process would be for connecting to the sqlserver2005 database. I have read about adding the connection string to the web.config file. I have also read about using ADO.NET and put the connection information into a class and not the web.config file.
I would like to hear from others as to what you have used, are using, or plan on using for a webapp (vs2010), and why so I can get an understanding.
View 3 Replies
May 3, 2010
I have deploy my web site, it contains a project!
in MyWeb there are all the aspx page and some entites datamodel, in MyApp there are the class with function like "getter data from DB" and there is a entity data model.
afeter the deploy, I have only the web.config and the connection string for the entity datamodel....itīs run ok, read/write the data on the DB.
The problem is with MyApp.....after the deploy it is a dll file and I donīt have the app.config and the entity inside it donīt run, not read/write nothing on the DB.
There arenīt error or messager but not read/write the data in the MyApp project.
all run on the iis 7
now...the question is:
I lose the connection string (in app.config) after the deploy?
Can I put a entity in the MyWeb and read it in another project (myApp)?
ps: for connect to DB I use not the c# code:
var db=from x in AccessDB.Example select x;
View 1 Replies
Dec 9, 2012
My web.config contains passwords to my database and smtp and i want to tighten up the security, i want to protect the passwords fully so if a hacker or webhost employee accessed all the webserver files the passwords cannot be easily accessed
I run on a shared host so using encryption could be an issue as i havnt got full IIS access - i havnt gone down that road yet to look fully into it
I was thinking it might be easier and secure enough if i moved the connection strings & passwords from the web.config into a referenced .dll which was protected by a professional obfuscation tool
View 1 Replies
Feb 1, 2011
I added a database to my project. When I did so an app.config file was added to my project. (Yes I know I have dangerous info in the connection string. I shall change that but for now I am messing around with test stuff.)
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
</configSections>
<connectionStrings>
<add name="NyStories.Properties.Settings.storyConnectionString"
connectionString="Data Source=|DataDirectory|story.sdf;Password=driver;Persist Security Info=True"
providerName="Microsoft.SqlServerCe.Client.3.5" />
</connectionStrings>
</configuration>
I did a google search on how to get the connection string value and found. string sConn = ConfigurationSettings.AppSettings["ConnectionString"]; I am getting a warning that this is obsolete. It has been replaced by ConfigurationManager.AppSettings. Ok Fine. According to the docs, it is also in System.Confiuguration which I already have a using statement for above. But when I attempt to use it, it is not part of the assembly.
View 4 Replies
Feb 14, 2011
My web application has to retrieve database from more then two difference sql server.
for example, one from localhost, one from different server ip.
all firewall setting was finished, but i just dont know how to code and use it.
here is my web.config :
[Code]....
this defines only one database in my localhost.but i need to call different connection strings each time i need.
how do i implement this?
View 4 Replies
Jan 28, 2011
I called the string in my Data layer
string connectionName = System.Configuration.ConfigurationSettings.AppSettings["Connection"].ToString();
now how could call it in SqlConnection con
View 11 Replies
Mar 25, 2011
We can store Connection String in Web.config file in two ways One is
<connectionStrings>
<clear/>
<add name="LocalSqlServer"
connectionString="Data Source=(local);Initial Catalog=aspnetdb;Integrated Security=True"
providerName="System.Data.SqlClient" />
</connectionStrings>
Other One is
<appSettings>
<add key="ConnectionString"
value="server=localhost;database=Northwind;uid=sa;password=secret;" />
</appSettings>
Now I want to know What is difference between these two approach? Which one is better way? What are their limitations?
UPDATE:Can you explain that <connectionString> has any significant advantage over <appSetting>?
View 5 Replies
