I have questions about a secure connection to the database. I made a connection with MySql database using app.config file in which I put the data server, database, and user password. The so-called connectionString. Is it safe?
Please help and have any tips or any good material.
Example code:
<connectionStrings>
<add
name="MyDBConnectionString"
connectionString="NameServer.info; User Id=NameUser; Persist Security Info=True; database=DatabaseName; password=Pass"
providerName="MySql.Data.MySqlClient"
/>
</connectionStrings>
You should encrypt your Connection Strings
stored in configuration file.
Use aspnet_regiis.exe found in: Start –> Visual Studio –> Visual Studio Tools –> Visual Studio Command Prompt
Run this command:
aspnet_regiis –pef connectionStrings c:\PathToWebSite
If the above command does not work try
aspnet_regiis -pe connectionStrings -app "/" -site n
where n
is the site ID of website as reported in IIS.
Now if your Connection String
section will be encrypted:
<connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
<EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
<EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
<KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
<KeyName>Rsa Key</KeyName>
</KeyInfo>
<CipherData>
<CipherValue>Bf677iFrUFW ... +4n4ZZKXCTUAu2Y=</CipherValue>
</CipherData>
</EncryptedKey>
</KeyInfo>
<CipherData>
<CipherValue>UDEZ ...QfXUmM5rQ==</CipherValue>
</CipherData>
</EncryptedData>
</connectionStrings>
For more Information:
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.