加密并不意味着你得到保护。需要解密私钥存储在服务器上，因此，如果您的服务器被攻破你的web.config可以解密。

The encryption does not mean that you are protected. The private key needed for decryption is stored on the server, so if your server is compromised your web.config can be decrypted.

我们只能加密web.config中的连接字符串部分。它有助于prevent其他窥探轻易访问尤其是在开发环境中我们的连接字符串（这往往比生产环境安全的要少得多的）。

We only encrypt the connection string section of the web.config. It helps prevent other prying eyes from easily accessing our connection strings especially in the development environment (which is often much less secure than your production environments).

加密仅仅是一小片的分层安全。这绝不是为保护您的敏感信息的终极解决方案。

The encryption is just a small piece to the layered security. It is by no means an end-all solution for protecting your sensitive information.