Hide password from database

Question

Hide password from database

Asked 6 years, 11 months ago

Viewed 432 times

0

Good Afternoon,

I have some websites whose database password, I store in a connection string, on the web.config.

Any programmer who has access to hosting ftp, can read the web.config file and view the password of the database.

Is there any way to hide the password from the database?

I recommend reading of How to hash passwords securely?

– Danilo Favato

2017/07/24 at 18:13

1 answer

Browser other questions tagged database asp.net security-guard web.config

You are not signed in. Login or sign up in order to post.

by mcamara • **1,237** points · Answer 1 · 2017-07-24T18:25:13+00:00

You can encrypt your web.config file with a component called aspnet_regiis.

To encrypt the sections and the web.config file.

In a text editor, open the web.config file for your application. If you do not have a Web.config file for your ASP.NET application, open a text editor, copy the example setting into a new file, and then save the file in your application directory ASP.NET web.config autonomous system.

Make sure that there is a child element and a child element for the element, as shown in the following example.

<configuration>
   <connectionStrings>
      <add name="SqlServices" connectionString="Data Source=localhost;Integrated Security=SSPI;Initial Catalog=Northwind;" />
   </connectionStrings>

   <system.web>

     <machineKey validationKey="D61B3C89CB33A2F1422FF158AFF7320E8DB8CB5CDA1742572A487D94018787EF42682B202B746511891C1BAF47F8D25C07F6C39A104696DB51F17C529AD3CABE"
       decryptionKey="FBF50941F22D6A3B229EA593F24C41203DA6837F1122EF17" />

   </system.web>
</configuration>

Close the web.config file.

At the command prompt, change the directory to the . NET Framework directory version 2.0 by typing the following command: WINDOWS Microsoft.Net Framework v2.0 cd.*

At the command prompt, run the Aspnet_regiis.exe tool with the following options: The -pe option and the string "connectionStrings" to encrypt the connectionStrings element of the web.config file to your application. The -app option and the name of your app. For example, the following command encrypts the section of the web.config file to an application called Myapplication. aspnet_regiis -pe "connectionStrings" -app "/Myapplication"

Repeat the previous step for the element phylum ,as shown in the following example: aspnet_regiis -pe "system.web/machineKey" -app "/Myapplication" Do not close the command prompt window.

Open web.config and then view the encrypted content. The content will be similar to the following example web.config file.

For more information, the official Microsoft website can give you more information! https://msdn.microsoft.com/pt-br/library/dtkwfdky(v=vs.100). aspx