什么是加密web.config中的意义呢？ ASP.NET [英] What is the point of encrypting the web.config? ASP.NET

问题描述

爱，有些供应商告诉我的老板，不是加密的web.config是很大的​​安全漏洞。这听起来像废话给我。我的意思是，如果有人妥协是不是我们反正拧服务器？

Oi, some vendor is telling my bosses that not encrypting the web.config is big security hole. This sounds like bunk to me. I mean, if someone compromises the server aren't we screwed anyways?

推荐答案

加密并不意味着你得到保护。需要解密私钥存储在服务器上，因此，如果您的服务器被攻破你的web.config可以解密。

The encryption does not mean that you are protected. The private key needed for decryption is stored on the server, so if your server is compromised your web.config can be decrypted.

我们只能加密web.config中的连接字符串部分。它有助于prevent其他窥探轻易访问尤其是在开发环境中我们的连接字符串（这往往比生产环境安全的要少得多的）。

We only encrypt the connection string section of the web.config. It helps prevent other prying eyes from easily accessing our connection strings especially in the development environment (which is often much less secure than your production environments).

加密仅仅是一小片的分层安全。这绝不是为保护您的敏感信息的终极解决方案。

The encryption is just a small piece to the layered security. It is by no means an end-all solution for protecting your sensitive information.

这篇关于什么是加密web.config中的意义呢？ ASP.NET的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！