Hi friends,
When you get a client who is more technical ,then it accentuate on safety of his critical data. Recently I faced such type of client. When my client went through publish asp.net project on server and he found that our db password inside web.config ‘s connection string , and expressed his concern for it safety of db password. so he suggested me not to placed in web.config moreover he asked me to hardcoded that password in my asp.net code and obfuscate that dll..!!.
But this is rubbish idea..!!, so I have used technique to encrypt some part of configuration section of web.config using Aspnet_regiis.exe tool to encrypt sections(in my case i did only connectionstring) of my project’s web.config.
microsoft .net framework by default provides following protected configuration provider
- RsaProtectedConfigurationProvider
- DataProtectionConfigurationProvider
before encryption my connection string was something like this ..
Then I have run following command to encrypt my connection string
And I got following changes in my web.config
Compile by
Divyang Panchasara
No comments:
Post a Comment