被加密的web.config毫无意义? [英] Is encrypting web.config pointless?
问题描述
我今天看的博客(<一href="http://somewebguy.word$p$pss.com/2009/07/20/is-encrypting-your-web-config-a-waste-of-time/">http://somewebguy.word$p$pss.com/2009/07/20/is-encrypting-your-web-config-a-waste-of-time/)有关这两个如何使用aspnet_regiis的工具来加密你的AppSettings /的ConnectionStrings等。
I was reading a blog today (http://somewebguy.wordpress.com/2009/07/20/is-encrypting-your-web-config-a-waste-of-time/) about both how to encrypt your appsettings/connectionstrings etc. using the aspnet_regiis tool.
他有一个跟进后与别人说这是浪费时间的一些反馈。
He has a follow up post with some feedback from others saying this is a waste of time.
我的问题是,你有什么感想?你完全一旦有人获得物理访问你的web.config文件反正大清洗?或者,这是一个值得precaution?
My question is, what do you think? Are you totally hosed as soon as anyone gets physical access to your web.config files anyway? Or is this a worthwhile precaution?
推荐答案
我不认为这是毫无意义的。如果有人到你的Web服务器获得访问权限,是的,你是在一个很大的麻烦。这是否意味着你需要让他们获得相同的访问你的数据库/中间层/应用服务器呢?
I don't think it is pointless. If someone does gain access to your web server, yes you are in a lot of trouble. Does that mean that you need to allow them to gain that same access to your database/middle-tier/application server as well?
这篇关于被加密的web.config毫无意义?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
