加密web.config无意义? [英] Is encrypting web.config pointless?
问题描述
我今天正在阅读博客( http://somewebguy.wordpress.com/2009/07/20/is-encrypting-your-web-config-a-waste-of-time/ )关于如何使用aspnet_regiis工具加密您的appsettings / connectionstrings等。
I was reading a blog today (http://somewebguy.wordpress.com/2009/07/20/is-encrypting-your-web-config-a-waste-of-time/) about both how to encrypt your appsettings/connectionstrings etc. using the aspnet_regiis tool.
他有一个后续的帖子,其他人的反馈意见表示这是浪费时间。
He has a follow up post with some feedback from others saying this is a waste of time.
我的问题是,你觉得怎么样?一旦任何人获取物理访问您的web.config文件,您是否完全被玷污?或者这是值得的预防措施吗?
My question is, what do you think? Are you totally hosed as soon as anyone gets physical access to your web.config files anyway? Or is this a worthwhile precaution?
推荐答案
我不认为这是没有意义的。如果某人有权访问您的Web服务器,是的,您遇到了很多麻烦。这是否意味着您需要允许他们获得与数据库/中间层/应用程序服务器相同的访问权限?
I don't think it is pointless. If someone does gain access to your web server, yes you are in a lot of trouble. Does that mean that you need to allow them to gain that same access to your database/middle-tier/application server as well?
这篇关于加密web.config无意义?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!