How to solidly protect web.config

tags:

asp.net
c#

views:

459

answers:

+3 Q:

How to solidly protect web.config

hi, maybe i am understanding it all wrong but as i understood the best way to protect your connection string is through encrypting it, now i got these questions.

Question 1:

will encryption work in shared hosting environment ?

Question 2:

if i have an FTP service can any user upload an ASPX file and retrieve the connection string through configuration manager namespace ?

thanks in advanced.

+4 A:

Question 1:

What are you protecting your connection string against?

If it's against hackers and such, if web.config is available for them, your system has already been compromised and nothing you can do will help you.

If it's against casual observers (i.e. the coders), even something simple as base64 encoding will help.

Question 2:

You shouldn't allow your users to upload files to a directory where aspx files can be executed - that way the users can do anything they want.

configurator 2009-04-26 10:19:30

man, how can make a directory don't execute aspx files ?

2009-04-26 10:35:43

@devmania: Make that a virtual directory and deny execute on that in IIS.

Mehrdad Afshari 2009-04-26 12:18:21

man, what if you are on shared hosting :(

2009-04-26 19:31:16

Shared hosting should still allow you to do that. Talk to the host to disallow scripts from that directory.

configurator 2009-04-27 07:48:36

+5 A:

1: I can't see why not.

2: Potentially, although you should be taking measures to prevent this. I find the best approach is to use windows authentication and set the identity of the app-pool to use a dedicated, locked-down, windows account in IIS. This way your connection string will never contain a password.

Paul Suart 2009-04-26 10:21:01

+1 an encrypted conn string must still be reversible so it can be used...

gbn 2009-04-26 10:24:45

how can i make it reversible ?

2009-04-26 10:38:45

+1 A:

Not an answer to your 2 questions, but: The best method for protecting connection string is not having such connection that requires password in connection string. NTLM or similar is much more secure. Other than that if users have access to FTP - encryption is so-called security by obscurity which can be easily reversed.

Mash 2009-04-26 10:57:26

Encryption doesn't by itself violate Kerckhoff's law (the origin of security through obscurity), but is often used in such a manner. The problem is that you need to impose segregation of duties to make server-side config encryption secure: a key store whose access doesn't permit server admin access, and only permits key retrieval on behalf of authorized users. Direct NTLM or Kerberos is simpler, if supported by the infrastructure (not all databases, alas!).

Pontus Gagge 2009-04-26 12:54:27

I mean that not enryption is bad, but in desribed situation encryption would not really raise the security at all.

Mash 2009-04-26 14:19:54

the things is guys, i wont let users have ftp access to the config directory, but i don't want them to upload aspx code that will retrieve the connection string or any sensitive data, that makes me wonder, how secure is the webconfig ? i know it is blocked access by IIS but what ways a hacker could get around that and get to it ?

2009-04-26 17:13:27

If hacker can execute any code (upload aspx and run i.e. is nice hole) - it doesn't matter will he steal your password - he already has full access to all your data and code. Encryption of connection string will take few funny minutes to avoid if he will need that at all. Just remember - possibility to upload executing code 100 times better for hacker than any of your password.

Mash 2009-04-26 18:06:55

so true Mash, i just want to find a way to prevent ftping aspx files

2009-04-26 19:39:53

you should only have ftp access to not executable areas of site

Mash 2009-04-26 19:46:25

ansaurus

tags:

views:

answers:

How to solidly protect web.config

related questions