Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
629 views
in Technique[技术] by (71.8m points)

c# - Asp.net ConnectionString in secure way

I could not get a satisfactory answer to my question on the google, they are:

  • How secure ConnectionString is over the HttpRequest?
  • Is using ConnectionString in web.config file more secure than using in any specific aspx page?
  • And how to secure ConnectionString for highly secure website?

I'm just curious to know about this.

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

You can encrypt the conenction string inside the webconfig, here is an article from Microsoft about this topic : http://msdn.microsoft.com/en-us/library/dx0f3cf2(v=vs.80).aspx

If you sending the connectionstring over a channel its not more secure than the channel. For example sending the connectionstring over HTTP and it will be just plain text, HTTPS and it will be encrypted, over FTP just plan text, and so on...

If you have a webapplication in a shared hosted environment you should be worried about that the provider maybe get hacked.

So just keep the connection string inside the web.config and encrypt it and don't send it around on internet ;-)


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...