Encrypting sections of web.config. Should I?
Problem description
I am responsible for several ASP.NET web apps running on a local Intranet server. Users outside the company aren't supposed to have access to the server, but I don't like leaving anything to chance if it's not necessary. And only admins should have access to the file system.
Should I encrypt the app settings and connection string sections of web.config? I haven't seen this mentioned very often, and I was wondering if it's overkill or not a best-practice. I've got passwords in my connection strings and account info for a service account I use to query AD in the app settings.
By the way: I would use
Configuration webConfig = WebConfigurationManager.OpenWebConfiguration(System.Web.HttpContext.Current.Request.ApplicationPath);
ConfigurationSection section = webConfig.Sections["connectionStrings"];
if (section != null && !section.SectionInformation.IsProtected)
{
    section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
    webConfig.Save();
}
Recommended answer
Should I encrypt the app settings and connection string sections of web.config?
If the connection strings include passwords: then yes, there is no other reasonable option.
If using integrated security to connect to the database, then the information exposure would be database and server names, which is less of an issue. But it might be easier to have a deployment rule of always encrypting, because the simpler rule is easier to follow and audit.
You can also use aspnet_regiis.exe to encrypt sections, rather than writing your own code. Enter aspnet_regiis.exe -? into a PowerShell (or cmd) prompt to see options.
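The "always encrypt" deployment rule from the answer, as an added example that is not part of the original question or answer: a PowerShell script that protects the sections with aspnet_regiis.exe and then audits web.config to confirm it. The site path and the 64-bit .NET 4.x framework directory are assumptions; adjust both for your server.

```powershell
# Added example. $SitePath is a hypothetical site directory, and the
# Framework64\v4.0.30319 location assumes 64-bit .NET Framework 4.x.
param(
    [string]   $SitePath = 'C:\inetpub\wwwroot\MyIntranetApp',
    [string[]] $Sections = @('connectionStrings', 'appSettings'),
    # DPAPI-based provider, as in the question's code. Its keys are bound to
    # this machine, so the encrypted file cannot be decrypted on another server.
    [string]   $Provider = 'DataProtectionConfigurationProvider'
)

$regiis = Join-Path $env:windir 'Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe'
$config = Join-Path $SitePath 'web.config'

function Test-SectionProtected {
    # True when the section is absent (nothing to protect) or already carries
    # the configProtectionProvider attribute that marks an encrypted section.
    param([string] $ConfigFile, [string] $Section)
    [xml] $xml = Get-Content -LiteralPath $ConfigFile -Raw
    $node = $xml.SelectSingleNode(
        "/*[local-name()='configuration']/*[local-name()='$Section']")
    if ($null -eq $node) { return $true }
    return [bool] $node.GetAttribute('configProtectionProvider')
}

if (-not (Test-Path -LiteralPath $config)) { throw "No web.config in $SitePath" }
if (-not (Test-Path -LiteralPath $regiis)) { throw "aspnet_regiis.exe not found at $regiis" }

foreach ($section in $Sections) {
    if (Test-SectionProtected -ConfigFile $config -Section $section) {
        Write-Host "skip     $section (absent or already protected)"
        continue
    }
    # -pef encrypts a section given the physical directory that holds web.config
    & $regiis -pef $section $SitePath -prov $Provider | Out-Null
    Write-Host "encrypt  $section"
}

# Audit step: re-read the file instead of trusting the tool's output.
$unprotected = @($Sections | Where-Object {
    -not (Test-SectionProtected -ConfigFile $config -Section $_)
})
if ($unprotected.Count -gt 0) {
    Write-Error "Still in plaintext: $($unprotected -join ', ')"
    exit 1
}
Write-Host "All listed sections in $config are protected."
```

Run it from an elevated prompt on the server that hosts the site; the matching decrypt switch is -pdf.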