Hide connection string in a hosting environment / no registry access

Question

0.00/5 (No votes)

See more:

.NET3.5

My hoster doesn't allow access to their registry so the published ways to encrypt connection strings won't work. Up to now, I just included the connection strings in the code behind, precompiled the web pages, and stored the customer data in a different database from the aspnetdb.mdf. I don't know if this really enhances security. And it would be fine to hide the connection to the membership data as well. Does anybody know a way to do this?
Thanks
Fritz

Posted 17-Nov-09 18:09pm

swissfritz

Add a Solution

2 solutions

Solution 2

I started trying with DpapiDataProtectionProvider 3 years ago but I tried again today. That works fine locally but it doesn't work on the server of my hosting provider. When I upload the encrypted config file, the host machine doesn't know what to do with the cypher. If I try to encrypt on the host machine, only part of the connectionStrings is encrypted (not the sensible parts), and the system stops recognizing any code in the config file. It seems to be a question of trust level, which is a hot subject for web hosters.

Posted 24-Nov-09 20:34pm

swissfritz

Add a Solution

Add your solution here

Treat my content as plain text, not as HTML

Preview 0

…

Existing Members

Sign in to your account

...or Join us

Download, Vote, Comment, Publish.

Your Email
Password
Forgot your password?

Your Email
This email is in use. Do you need your password?
Optional Password

I have read and agree to the Terms of Service and Privacy Policy
Please subscribe me to the CodeProject newsletters

When answering a question please:

Read the question carefully.
Understand that English isn't everyone's first language so be lenient of bad spelling and grammar.
If a question is poorly phrased then either ask for clarification, ignore it, or edit the question and fix the problem. Insults are not welcome.
Don't tell someone to read the manual. Chances are they have and don't get it. Provide an answer or move on to the next question.

Let's work to help developers, not make them feel stupid.

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)

The Man from U.N.C.L.E. · Accepted Answer · 2009-11-23T07:11:00

Solution 1

The .Net Framework supports encryption of connection strings in the app.config file. This replaces the need to use the registry.

See this MSDN article[^] for more details.

Posted 23-Nov-09 7:11am

The Man from U.N.C.L.E.