查看DPAPI

http://msdn.microsoft.com/library/de...SecNetHT07.asp

或者您可以构建一个位于防火墙后面的数据访问层。


_Randal

Check out the DPAPI

http://msdn.microsoft.com/library/de...SecNetHT07.asp

Or you can build a data access layer that is behind a firewall.

_Randal

真的很棒取决于你需要多么安全。


你可以争辩说如果有人获得了你的机器的访问权限

他们可以看看你的web.config，无论如何都已经太晚了，并且

的人已经有足够的权限可以造成各种各样的伤害。


现在，除此之外，对于违反安全问题的人来说，这是多么困难。当然从配置文件中读取它

然后反编译一个dll（或许多dll'）的工作要少得多，并通过它搜索

寻找一个地方加密密钥在哪里。那么

的人必须用你的

加密密钥编写一个小程序或其他东西来解密。现在你已经添加了更多的工作，所以这个黑客可能不会实际上去做所有这些。


WebMatrix <我们******* @ discussions.microsoft.com>在留言中写道

news：73 ********************************** @ microsof t.com ...

It really depends on how ultra secure you need to be.

You can argue that if someone gained access to your machine to the point
that they can look at your web.config, then it is too late anyway, and that
person already has enough access to inflict all sorts of damage.

Now, beyond that, it is about how much harder you want to make it for the
person who breached your security. Certainly reading it from a config file
is a lot less work then decompiling a dll (or many dll''s), and searching
through it looking for the one spot where the encryption key is. Then the
person has to write a little program or something to decrypt using your
encryption key. Now you have added a lot more work, and so this hacker may
not actualy go and do all this.

"WebMatrix" <We*******@discussions.microsoft.com> wrote in message
news:73**********************************@microsof t.com...

您好，

我开发了一个连接到2个不同数据库服务器的Web应用程序。带有db username + password的连接字符串存储在
web.config文件中。
经过代码审查后，一位开发人员认为这是一个安全漏洞;因此应该保留连接字符串在其他地方或加密。
我的论点是web.config文件受IIS和Windows
安全保护
就是这种情况。另一个论点是，加密可能需要一个密钥或密码，而密钥或密码也必须存储在某个地方。难以在代码中对其进行编码意味着有人可以轻松地反汇编web
app .dll文件并获取该密钥，如果某人已经足够聪明以至于>违反了IIS和Windows安全。

我向您提出的问题：
1.任何现实生活中都要关注.config文件中的连接字符串
2.可以安全保存连接字符串的其他位置> 3.如果你建议加密，有什么加密方法，应该保留在哪里。

谢谢

Hello,

I have developed a web application that connects to 2 different database
servers. The connection strings with db username + password are stored in
web.config file.
After a code review, one developer suggested that it''s a security flaw;
therefore connection strings should be kept somewhere else or encrypted.
My argument is that web.config file is protected by IIS and Windows
security
which is the case. And another argument is that encryption would probably
require a key or cipher which also would have to be stored somewhere. Hard
coding it in the code would mean that someone could easily disassemble web
app .dll file and get that key, if someone already was smart enough to
breach
IIS and Windows security.

My questions to you:
1. Any real life concerns keeping connection strings in .config files
2. Other locations where connection strings can be kept securely
3. If you do recommend encryption, what encryption methods, Where should
key
be kept.

Thank you

嗯，安全肯定是一个问题。首先，您是否希望在其安全性中信任Windows

，但是，它们并不像他们有任何重大的b $ b b漏洞。 ;-)


其次，如果有人要获得对机器的物理访问权限，那么他们将能够看到凭证。


简而言之，***实践表明凭证不应存储在

明文中。


有两种方法可以保护您数据库。


1）加密是可能的。

存储密钥的问题是正确的。这种定义鸡蛋和鸡蛋的问题在

中，为了保护秘密，你必须定义新的秘密。绕过这个

的一种方法是使用属于Windows的DPAPI
（ http://msdn.microsoft.com/library/de...ecNetHT07。 asp）。

这不需要您使用密钥，因为它从系统上的

信息中获取密钥。

2）您可以在SqlServer和您的网站之间使用可信连接。

这意味着您不必存储用户名和密码。您可以简单地告诉IIS信任网络服务器帐户。

" WebMatrix" &LT;我们******* @ discussions.microsoft.com&GT;在留言中写道

news：73 ********************************** @ microsof t.com ...

Well, security is definitely a concern. First, do you want to trust Windows
in its security, however, it is not like they have had any significant
vulnerabilities. ;-)

Second, if anyone was to gain physical access to the machine they would be
able to see the credentials.

In short, best practices says that credentials should not be stored in
plaintext.

There are two ways of going about securing you databases.

1) Encryption is a possibility. You are correct about the problem with
storing a key. That kind of defines the chicken-and-the-egg problem in that
in order to secure secrets you must define new secrets. One way around this
would be to use the DPAPI that is part of Windows
(http://msdn.microsoft.com/library/de...ecNetHT07.asp).
This does not require that you use a key because it derives the key from
information on the system.
2) You can use trusted connections between SqlServer and your website.
This means that you do not have to store the username and password. You can
simply tell IIS to trust the webserver account.
"WebMatrix" <We*******@discussions.microsoft.com> wrote in message
news:73**********************************@microsof t.com...

您好，

我开发了一个连接到2个不同数据库服务器的Web应用程序。带有db username + password的连接字符串存储在
web.config文件中。
经过代码审查后，一位开发人员认为这是一个安全漏洞;因此应该保留连接字符串在其他地方或加密。
我的论点是web.config文件受IIS和Windows
安全保护
就是这种情况。另一个论点是，加密可能需要一个密钥或密码，而密钥或密码也必须存储在某个地方。难以在代码中对其进行编码意味着有人可以轻松地反汇编web
app .dll文件并获取该密钥，如果某人已经足够聪明以至于>违反了IIS和Windows安全。

我向您提出的问题：
1.任何现实生活中都要关注.config文件中的连接字符串
2.可以安全保存连接字符串的其他位置> 3.如果你建议加密，有什么加密方法，应该保留在哪里。

谢谢

Hello,

I have developed a web application that connects to 2 different database
servers. The connection strings with db username + password are stored in
web.config file.
After a code review, one developer suggested that it''s a security flaw;
therefore connection strings should be kept somewhere else or encrypted.
My argument is that web.config file is protected by IIS and Windows
security
which is the case. And another argument is that encryption would probably
require a key or cipher which also would have to be stored somewhere. Hard
coding it in the code would mean that someone could easily disassemble web
app .dll file and get that key, if someone already was smart enough to
breach
IIS and Windows security.

My questions to you:
1. Any real life concerns keeping connection strings in .config files
2. Other locations where connection strings can be kept securely
3. If you do recommend encryption, what encryption methods, Where should
key
be kept.

Thank you