0

I have an ASP.NET page that uses the MySQL.NET library to access a MySQL DB on the server. My question is about storing the connection string in the web.config. The MySQL.NET connection string looks like:

"server=localhost;user=user;database=db;password=pw"

I have to assume having the pw in the web.config as plain text isn't a good thing. What are my options to getting around this?

Improve this question

2 Answers 2

Reset to default
1

You can encrypt the connection string in your web.config.

For more information : Securing Connection Strings

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

So I basically make a separate program, that will take the config file and encrypt/decrypt it? Then in my asp.net page I decrypt it before reading? "The connection string can only be decrypted on the computer on which it was encrypted." This seems interesting. So I would have to do this on the web server itself when I'm ready to deploy it into production then? So hosts that don't allow you to have direct access to the server machine, I'd have to do this in the asp.net page 1 time when I put it on the server? Seems kind of strange. What if the host switches servers on me at some point?
1

You can encrypt Web.config using "Protected Configuration". See here on MSDN for a full overview of the process:

http://msdn.microsoft.com/en-us/library/dtkwfdky(v=vs.100).aspx

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.