I want to encrypt my web.config file to hide some sensitive data like passwords with aspnet_regiis .
Encryption is made with this code in the command prompt C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319>aspnet_regiis.exe -pef "appSettings" C:\\inetpub\\wwwroot\\testweb
And I can decrypt it with this code (-pef changed to -pdf)
C:\\Windows\\Microsoft.NET\\Framework64\\v4.0.30319>aspnet_regiis.exe -pdf "appSettings" C:\\inetpub\\wwwroot\\testweb
So my question is: Why should I even encrypt the file when it's so easy for anyone to decrypt it with above command? There is no "key" needed to encrypt/decrypt.
Or am I missing something?
一些黑客可能会窃取 web.config 但无法访问 cmd.exe。
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.