Snitz Forums 2000 - encrypt password of connectionstring

Snitz Forums 2000

Username:	Password:
Save Password
Forgot your Password?

All Forums

Help Groups for Snitz Forums 2000 Users

Help: Database: MS SQL Server

encrypt password of connectionstring

New Topic

Topic Locked

Printer Friendly

Author

Topic

von7thal
Starting Member

15 Posts

Posted - 23 June 2009 : 12:12:43

hi

is there a possibility to encrypt the password of the connectionstring in the config.asp-file?

i use windows integrated authentication. is it possible to use the logged in userinformation?

greez

AnonJr
Moderator

United States
5768 Posts

Posted - 23 June 2009 : 13:36:46

Not sure if you can use Integrated Authentication with SQL Server or not, but if someone has access to your code to read the user name/password (and you don't trust them) I think you've got bigger problems.

von7thal
Starting Member

15 Posts

Posted - 23 June 2009 : 14:06:31

that is correct.
and thats why id like to store the password encrypted in the config-file. forget about the windows integrated authentication.
what possibility do i have to encrypt it?

AnonJr
Moderator

United States
5768 Posts

Posted - 23 June 2009 : 14:35:51

Kinda missed the latter point: if they have access to your code there's nothing to stop them from copying and using the connection information - encrypted or otherwise. If they have that kind of access to your server then you are screwed.

Doug G
Support Moderator

USA
6493 Posts

Posted - 23 June 2009 : 15:56:44

if you're really using integrated authentication in your sql server you don't have to worry about passwords in the config file, the sql server will automatically use the windows user account that your web server is running under, not whatever you might have in the connection string.

======
Doug G
======
Computer history and help at www.dougscode.com

Topic

New Topic

Topic Locked

Printer Friendly

Jump To:

Snitz Forums 2000

This page was generated in 0.16 seconds.