Encryption and decryption of database connection strings in web. config. net

Source: Internet
Author: User

. Net, we generally write the database connection string on the web. in the config file, if you directly write the file in the class and publish it to the website, we usually send the deployed website to the customer (page files and dll files ), there is no code file (cs file). If we write the connection string into the code, it is obviously inconvenient, but some people will put the connection string there, so when we raise the right, we sometimes use the web. no database connection information is found in config.

However, if we put it in web. config, it is displayed in plain text and insecure, so. net provides us with an encryption tool,

Encryption Method
Aspnet_regiis.exe-FFE "configuration section in web. config" "project path"-prov "DataProtectionConfigurationProvider"

Decryption Method
Aspnet_regiis.exe-pdf "configuration section in web. config" "project path"-prov "DataProtectionConfigurationProvider"
For more detailed parameter information, see help.


----------------------------------------------------------------------

Example

Web. config

Encryption statement
C: WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_regiis.exe-Arg "connectionStrings" "project path"-prov "DataProtectionConfigurationProvider"




Encrypted web. config

Decryption statement
C: WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_regiis.exe-pdf "connectionStrings" "project path"
Decryption process

========================================================== ========================================

Pay attention to the following points:


1. encryption and decryption must be on the same computer, so if we use this encryption, other people in webshell cannot come up with anything (of course, if the webshell permission is different from the system permission)

2. After we encrypt the connection string, we do not need to decrypt it ourselves. net will automatically decrypt it.

3. The support for Chinese characters is not very good. If the site path has Chinese characters, it may not be able to be decrypted normally.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.