使用保护配置加密web.config无意义？ [英] Encrypting web.config using Protected Configuration pointless?

问题描述

所以我正在找出加密数据库连接字符串和sql会话状态连接信息的最佳方式的过程在web.config中。我很快就在msdn上找到一个散步，解释了使用受保护的配置加密web.config的部分：
使用保护配置的MSDN演练

所以我觉得很好，有一个机制来做这看起来很简单。我接下来的演练结束，他们提供了一个可以用来解密所有连接字符串的aspx页面的源代码!!!!

什么是点？我没有在这个Web服务器上运行任何ftp服务，任何人都可以看到web.config的唯一方法是，如果他们可以访问网站发布的文件系统。如果他们有，那么所有他们要做的是使用提供的代码来解密。

我缺少什么？有没有更好的加密方式？如果我滚动一个自定义解决方案，它将适用于sql会话状态部分？ （不要相信那个手杖可以从web.config中删除）

解决方案

您至少需要对文件系统进行写访问才能够假设您正在使用DPAPI提供程序，将其解密。解密方法包括：

• 将包含解密码的aspx页面复制到服务器并导航到

但是，它防止未经授权的用户解密读取对文件系统的访问或文件系统的备份。

通常，您将设置生产服务器，以便只有授权的管理员可以登录到服务器或写入它文件系统。

开发人员可能有远程读取访问权限用于支持，并且无法远程解密配置文件。

使用标准库，加密/解密很简单：很难确保只有授权的人才能访问密钥。

如果您使用DPAPI，您实质上将密钥的管理委托给Windows安全。如果您使用其他提供商（如RSA），则需要将密钥存储在某处，并保护其免受未经授权的访问。使用ACL。

I must be missing something...

So I am in the process of figuring out the best way of encrypting the database connection string and sql session state connection info in web.config. I quickly find a walk through on msdn explaining using protected configuration to encrypt parts of the web.config: MSDN walkthrough on using Protected Configuration

So I am thinking great, there is a mechanism in place to do this and it looks very simple. I get to the end of the walkthrough, and they provide the source code for an aspx page that can be used to decrypt all the connection strings!!!!

What is the point??? I dont have any ftp service running on this web server, the only way anyone is going to see web.config is if they have access to the file system where the website is published. If they have that then all they have to do is use the provided code to unencrypt.

What am I missing? Is there a better way to encrypt these? If i roll a custom solution will it work for the sql session state part? (dont believe that cane be removed from web.config)

解决方案

You need at least write access to the filesystem to be able to decrypt it, assuming you're using the DPAPI provider. Ways to decrypt it include:

• Copy an aspx page containing decryption code to the server and navigate to it
• Log in on the server and run an application to decrypt it.

But it protects against decryption by an unauthorised user who has read access to the filesystem or a backup of the filesystem.

Typically you would set up your production servers so that only authorized adminstrators can log in to the server or write to its filesystem.

Developers might have remote read access for support purposes, and would not be able to decrypt the config file remotely.

Encryption/decryption is easy with standard libraries: the hard part is ensuring only authorized people have access to the keys.

If you're using DPAPI, you're essentially delegating management of the keys to Windows security. If you use another provider such as RSA, you need to store the key somewhere, and protect it against unauthorized access e.g. using an ACL.

这篇关于使用保护配置加密web.config无意义？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！