Key Maker
ASP.NET stores all the configuration information in plain text files called web.config and machine.config files. We store all vital information including database connection strings, user names, passwords for the databases. Thus you end up storing all sensitive information in vulnerable plain text files which is nothing but security compromise.
If you want to secure your connection strings and application settings, here is an easy way to encrypt / decrypt sections in web.config file. You can use aspnet_regiis.exe command line tool as follows:
Encrypting appSettings and connectionStrings sections in web.config :
Aspnet_regiis.exe –pef “appSettings” “<PathToWebSiteDir>” –prov “DataProtectionConfigurationProvider”
Aspnet_regiis.exe –pef “connectionStrings” “<PathToWebSiteDir>” –prov “DataProtectionConfigurationProvider”
Decrypting appSettings and connectionStrings sections in web.config :
Aspnet_regiis.exe –pdf “appSettings” “<PathToWebSiteDir>”
Aspnet_regiis.exe –pdf “connectionStrings” “<PathToWebSiteDir>”
zieglers
