Hi

I am developing an asp.net mvc 2 web application. My clients will most likely want a copy of my application to be hosted on their servers instead of me hosting it on my server for all clients.

However I see a problem with this because I was planning to use the .net 2.0 encryptor to encrypt my web.config to make it safer. I got to thinking, well, I am only going to give them my .dll and views etc.; they're not going to get the solution of my file so they can load it up and have a look at what is going on.

So what happens if I encrypt the web.config and all of a sudden the database connect string changes? Let it be the address changes or the username/password changes.

How would they change it if it is encrypted? Would that mean I would have to rebuild my site and send them a new copy with the changes? Or is there a different way?

If there is no other way it got me thinking should I? What happens if something happens and for whatever reason I can't get the new changes to them until 48 hours later. That means they can't use the service for 48 hours.

I have no problem providing support but when it starts coming to little things that they probably should have control to change in the first place they probably should.

I would prefer to have it encrypted but at the same time if I have to make all changes to the web.config that is not good either, since it could open up different security concerns as they have to get the changes to me somehow.

+2  A: 

You could create an installer or management utility that they could run, pick a new server and database, and you store the chosen server/database into your config files in the encrypted format.

marc_s
A: 

I would provide a configuration utility that allows them to change the connection settings. It could read the settings from your config file. Personally I would create a separate encrypted xml file for runtime configurable settings. You could even use an encryption method that encrypts it using the user's profile so that another user could not decrypt it by hacking your application.

Edit: I wouldn't use a command line util, because you need to be able to encrypt the user provided values at runtime. Just use the .NET Framework or a library like Bouncy Castle Crypto.

What prevents any joe schmoe hacker from decrypting your config file is the secrecy of the key you use to encrypt it. You could have the user provide a password for the file, which you generate a key from, but they have to provide the password when the program is going to run and needs to access the config file. There are key containers for the machine and the user that you can use to encrypt the file. The machine key will encrypt the file such that you can access the key in any context on the machine. Whatever you use, you have to think about the context of where the config file is going to be used because you need to have access to the key to decrypt the file.

AaronLS
So you think I should split it about then use Encryption/Decryption using aspnet_regiis.exe command line tool? I am just wondering with this cmd line tool what is stopping a hacker from using it to decrypt the file? Also in my code don't I need to have a decryption method to decrypt it? How would that work with linq to sql?
chobo2
+5  A: 

If your only concern is encrypting the database connection strings, this article explains how you can remove sections of web.config to separate files, and then encrypt/decrypt those.

You identify the external files in configSource attributes. The web.config file would then look like this:

<?xml version="1.0"?>
<configuration xmlns="http://schemas.microsoft.com/.NetConfiguration/v2.0">
  <appSettings configSource="appSettings.config"/>
  <connectionStrings configSource="connections.config"/>
  <system.web>
    <compilation debug="true" />
    <authentication mode="Windows"/>
    <identity impersonate="true"/>
  </system.web>
</configuration>

Then you can deal with connections.config in one of the manners suggested by others here.

DOK
Yes, but that's still not solving the problem when the customer suddenly wants to move the app from Server A to Server B and needs to update the config accordingly. If the "connections.config" file is encrypted, the customer won't be able to make that change in config...
marc_s
@marc_s Unless you are going to allow the user to decrypt the file, alter it, and save the changes, I can't imagine any scenario where they can suddenly switch servers and not have a problem with an encrypted file. Providing an installer or management utility to allow the user to change and re-encrypt the file will work. If you separate out the database connection string into its own config file as I propose, then that external editing feature will only have to have access to connections.config and not the rest of the encrypted config files.
DOK
@DOK: you can easily create a management tool that can pick the new server and database and store that information in encrypted form in the config file. No problem at all. And .NET is even as flexible as being able to selectively encrypt only certain sections (e.g. <connectionStrings>) in your config file.
marc_s
@marc_s I agree, you can easily have the management tool alter web.config or connections.config. There may be other benefits of putting the database connection string in a separate file.
DOK
@DOK: absolutely, I agree - "externalizing" config works great - but that alone doesn't solve the problem in my opinion. Didn't see your last sentence at first, though - you also mention that fact.
marc_s
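
The management utility the answers above converge on, sketched as an added example (not code from any of the posters). The entry name "AppDb" and the choice of the DPAPI provider are assumptions. Because that provider is machine-bound, the tool has to be run on the server that hosts the site.

```csharp
using System;
using System.Configuration;   // reference System.Configuration.dll
using System.Data.SqlClient;
using System.Text;

static class ConnectionConfigTool
{
    const string ConnectionName = "AppDb";                         // hypothetical entry name
    const string Provider = "DataProtectionConfigurationProvider"; // DPAPI, decrypts only on this machine

    static int Main(string[] args)
    {
        if (args.Length != 4)
        { Console.Error.WriteLine("usage: ConnectionConfigTool <web.config> <server> <database> <user>"); return 1; }
        // The builder quotes each value, so odd characters in the input
        // cannot add extra keywords to the connection string.
        var builder = new SqlConnectionStringBuilder
        { DataSource = args[1], InitialCatalog = args[2],
          UserID = args[3], Password = ReadSecret("Password: ") };
        // Open the deployed web.config by file path; no IIS lookup is needed.
        var map = new ExeConfigurationFileMap { ExeConfigFilename = args[0] };
        Configuration config = ConfigurationManager.OpenMappedExeConfiguration(map, ConfigurationUserLevel.None);
        ConnectionStringsSection section = config.ConnectionStrings;
        // Reading a protected section decrypts it transparently, here and in the web
        // application itself, so the site needs no decryption code of its own.
        ConnectionStringSettings entry = section.ConnectionStrings[ConnectionName];
        if (entry == null)
            section.ConnectionStrings.Add(new ConnectionStringSettings(ConnectionName, builder.ConnectionString, "System.Data.SqlClient"));
        else
            entry.ConnectionString = builder.ConnectionString;
        if (!section.SectionInformation.IsProtected)
            section.SectionInformation.ProtectSection(Provider);
        section.SectionInformation.ForceSave = true;  // write the section even if little changed
        config.Save(ConfigurationSaveMode.Modified);  // with configSource, connections.config is rewritten
        return 0;
    }

    // Prompt without echo so the password stays out of the command line and shell history.
    static string ReadSecret(string prompt)
    {
        Console.Write(prompt);
        var sb = new StringBuilder();
        for (ConsoleKeyInfo k = Console.ReadKey(true); k.Key != ConsoleKey.Enter; k = Console.ReadKey(true))
            if (k.Key == ConsoleKey.Backspace) { if (sb.Length > 0) sb.Length--; }
            else sb.Append(k.KeyChar);
        Console.WriteLine();
        return sb.ToString();
    }
}
```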