You can encrypt the connection string inside the web.config; here is an article from Microsoft about this topic: http://msdn.microsoft.com/en-us/library/dx0f3cf2(v=vs.80).aspx
If you are sending the connection string over a channel, it's not more secure than the channel. For example, send the connection string over HTTP and it will be just plain text, over HTTPS and it will be encrypted, over FTP just plain text, and so on...
If you have a web application in a shared hosted environment, you should be worried that the provider may get hacked.
So just keep the connection string inside the web.config, encrypt it, and don't send it around on the internet ;-)
He who fights with dragons too long becomes a dragon himself; gaze too long into the abyss, and the abyss will gaze back…
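As an added example (not part of the original answer or the linked Microsoft article), this is one way to encrypt the `connectionStrings` section from code using the .NET Framework protected configuration API. The class name `ConnectionStringProtector` and the virtual path passed in are assumptions for illustration.

```csharp
using System.Configuration;
using System.Web.Configuration;

// Hypothetical helper; call it once from an admin page or a deployment step.
public static class ConnectionStringProtector
{
    // Built-in provider backed by Windows DPAPI. The ciphertext can only be
    // decrypted on the machine that produced it. For a web farm, or when the
    // file must move between servers, use "RsaProtectedConfigurationProvider"
    // with an exported key container instead.
    private const string ProviderName = "DataProtectionConfigurationProvider";

    // Encrypts <connectionStrings> in the web.config of the given application.
    // Returns true if the section was encrypted by this call, false if it was
    // missing, locked, or already protected.
    public static bool Protect(string appVirtualPath)
    {
        Configuration config =
            WebConfigurationManager.OpenWebConfiguration(appVirtualPath);
        ConfigurationSection section = config.GetSection("connectionStrings");

        if (section == null) return false;
        SectionInformation info = section.SectionInformation;
        if (info.IsProtected || info.IsLocked) return false;

        info.ProtectSection(ProviderName);
        info.ForceSave = true;                       // write even if values are unchanged
        config.Save(ConfigurationSaveMode.Modified); // needs write access to web.config
        return true;
    }

    // Reports whether the section is currently stored encrypted on disk.
    public static bool IsProtected(string appVirtualPath)
    {
        Configuration config =
            WebConfigurationManager.OpenWebConfiguration(appVirtualPath);
        ConfigurationSection section = config.GetSection("connectionStrings");
        return section != null && section.SectionInformation.IsProtected;
    }
}
```

Application code keeps reading `ConfigurationManager.ConnectionStrings[...]` as before; the runtime decrypts the section transparently, so the encryption protects the file at rest, not a process that already runs as the application's identity.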