加密的连接字符串 [英] Encrypted Connection Strings
问题描述
好的,我找到了一个在线链接,引导我逐步了解如何加密web.config文件的连接字符串部分.有没有人做过可以为我回答几个问题的人?我尝试使用谷歌搜索答案,但没有任何东西解释我需要知道的内容.
关于我们为什么这样做的一些背景.我需要从我的主管可以访问的外部源下载数据.他希望我每天而不是每月下载此数据(这是我要做的).他想输入自己的用户名和密码来获取连接信息,然后我们将其加密,因此我看不到他的登录信息.
我的问题如下:
1.您可以加密开发连接字符串吗?我看到的说明似乎表明它在部署后已被加密.
2.加密连接字符串信息后,是否可以添加其他连接字符串?如果是,您是否需要解密和重新加密,还是添加它们而不进行加密?
3.他还必须每60-90天重置一次密码.这是否意味着他将必须解密connectin字符串,输入新密码,然后再次重新加密?
如果您没有这个经验,但是知道一个好的在线资源,我也可以考虑.我只想在尝试实现它之前先了解它是如何工作的.
谢谢,
Carolyn
Okay, I found a link online walking me through how to encrypt the connection string portion of the web.config file. Is there anyone who''s ever done this that can answer a couple of questions for me? I tried googling the answers but nothing came up that explained what I needed to know.
A little background as to why we are doing this. I need to download data from an outside source that my supervisor has access to. He wants me to download this data daily rather than monthly (which he has to do for me). He wants to put in his user name and password for the connection information and then we''ll encrypt it so I can''t see his log on information.
The questions I have are as follows:
1. Can you encrypt a development connection string? The instructions I see seem to show it being encrypted after it''s deployed.
2. Once you encrypt the connection string information can you add other connection strings? If yes, do you need to decrypt and re-encrypt or are they added without encrypting?
3. Also he has to reset his password every 60-90 days. Does that mean he''ll have to decrypt the connectin string, input his new password and then re-encrypt it again?
If you don''t have experience with this but know a good on-line source I''d take that also. I just want to understand how this is going to work before I try to implement it.
Thanks,
Carolyn
推荐答案
为什么不使用SSPI-您的Web应用程序可以在
Why not use SSPI - your web application is proably running under a service user account[^]. SSPI allows SQL authentication to be tied to the service user account - this way there will be no need to save username and password in the web.config.
Best regards
Espen Harlinn
1-如果您完全可以做到,我相信您可以在开发中做到.如何处理取决于您自己.但是,除非有一个不涉及您的代码的内置解密方法,否则您将能够解密它并以任何方式读取它
2-我不知道,抱歉,如果加密设置不在连接字符串级别上,那么我认为它们都需要加密.
3-是的,当然可以.
1 - If you can do it at all, I''m sure you can do it in development. How you handle that is up to you. But, unless there''s a built in decryption method that doesn''t involve your code, you''re going to be able to decrypt it and read it anyhow
2 - I have no idea, sorry, if the setting for encryption is not on the connection string level, then I assume they all need to be encrypted or not.
3 - Yes, of course it does.
好吧,我尝试对开发web.config进行加密,但是它没有用.我确实找到了以下文章,似乎无法对开发web.config进行加密,而只能对已部署的web.config进行加密.
http://www.emmet-gray.com/Articles/EncryptConnectionStrings.htm [ ^ ]
如果有人知道可以做到这一点的方法,请告诉我.
谢谢,
卡罗琳
Well, I tried to encrypt the development web.config and it didn''t work. I did find the following article that makes it seem as if I can''t encrypt the development web.config, I can only encrypt the deployed one.
http://www.emmet-gray.com/Articles/EncryptConnectionStrings.htm[^]
If anyone knows of a way this can be done, please let me know.
Thanks,
Carolyn
这篇关于加密的连接字符串的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
