加密web.config无意义？ [英] Is encrypting web.config pointless?

问题描述

我今天正在阅读博客（ http://somewebguy.wordpress.com/2009/07/20/is-encrypting-your-web-config-a-waste-of-time/ ）关于如何使用aspnet_regiis工具加密您的appsettings / connectionstrings等。

I was reading a blog today (http://somewebguy.wordpress.com/2009/07/20/is-encrypting-your-web-config-a-waste-of-time/) about both how to encrypt your appsettings/connectionstrings etc. using the aspnet_regiis tool.

他有一个后续的帖子，其他人的反馈意见表示这是浪费时间。

He has a follow up post with some feedback from others saying this is a waste of time.

我的问题是，你觉得怎么样？一旦任何人获取物理访问您的web.config文件，您是否完全被玷污？或者这是值得的预防措施吗？

My question is, what do you think? Are you totally hosed as soon as anyone gets physical access to your web.config files anyway? Or is this a worthwhile precaution?

推荐答案

我不认为这是没有意义的。如果某人有权访问您的Web服务器，是的，您遇到了很多麻烦。这是否意味着您需要允许他们获得与数据库/中间层/应用程序服务器相同的访问权限？

I don't think it is pointless. If someone does gain access to your web server, yes you are in a lot of trouble. Does that mean that you need to allow them to gain that same access to your database/middle-tier/application server as well?

这篇关于加密web.config无意义？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！