سؤال
So I have seen some different articles on securing connection strings for ASP.Net applications, but they are all quite dated. I have searched for "Securing Connection String ASP.Net" "Protect Password connection string SQL Server" and other variations and I'm not finding exactly what I'm looking for.
I am specifically using MVC 5. My question is, Is there a method for storing my password outside of the web.config in a manner that is secure so that my password is not in plain text that is easy to implement.
I was assuming that I could connect to my database and through some type of action reset the password using encryption or hashing through the command line. I'm new to this, so be kind. What are my options. I'm assuming there must be a best practice that is not too complex.
I'm connecting to SQL Server 2012 using an MVC 5 (C# in .Net 4.5)
Most of the stuff I found was dated (2007). I did run across something about using Rijndael Example.
المحلول
You want configuration section encryption, see this article. This is a native option of ASP.NET so it works for MVC too. Note, in case of a web farm scenario you need the same key on every machine in the farm.
Another option could be placing a clear connection string to machine.config (it will auto merge to all configuration files on the box) and restricting file access to it.
https://stackoverflow.com/questions/23596370
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian