在主机环境中隐藏连接字符串/无注册表访问权限 [英] Hide connection string in a hosting environment / no registry access
问题描述
我的托管服务商不允许访问其注册表,因此已发布的加密连接字符串的方法将无法使用.到目前为止,我只是在后面的代码中包括了连接字符串,对网页进行了预编译,并将客户数据存储在与aspnetdb.mdf不同的数据库中.我不知道这是否真的可以增强安全性.也可以隐藏与成员资格数据的连接.有人知道这样做的方法吗?
感谢
Fritz
My hoster doesn''t allow access to their registry so the published ways to encrypt connection strings won''t work. Up to now, I just included the connection strings in the code behind, precompiled the web pages, and stored the customer data in a different database from the aspnetdb.mdf. I don''t know if this really enhances security. And it would be fine to hide the connection to the membership data as well. Does anybody know a way to do this?
Thanks
Fritz
推荐答案
.Net Framework支持对app.config文件中的连接字符串进行加密. 这取代了使用注册表的需要.
The .Net Framework supports encryption of connection strings in the app.config file. This replaces the need to use the registry.
See this MSDN article[^] for more details.
我3年前开始尝试DpapiDataProtectionProvider,但我 今天再次尝试.在本地可以正常使用,但不适用于 我的托管服务提供商的服务器.当我上传加密的配置文件时, 主机不知道如何处理密码.如果我尝试 在主机上加密,只有部分connectionStrings是 加密(不是敏感部分),系统停止识别 配置文件中的任何代码.这似乎是信任度的问题, 这是网络托管者的热门话题.
I started trying with DpapiDataProtectionProvider 3 years ago but I tried again today. That works fine locally but it doesn''t work on the server of my hosting provider. When I upload the encrypted config file, the host machine doesn''t know what to do with the cypher. If I try to encrypt on the host machine, only part of the connectionStrings is encrypted (not the sensible parts), and the system stops recognizing any code in the config file. It seems to be a question of trust level, which is a hot subject for web hosters.
这篇关于在主机环境中隐藏连接字符串/无注册表访问权限的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!