The best possible Way to Encrypting Connection-String

Hi allIt's been a while that something has kept my mind busy , Imagine we have stored The Connection-String (with which we can connect to Our database for example Sql Server) in [web.Config] and for some vulnerabilities of our FTP someone could access the FTP in this situation the hacker can openmy Web.Config file and gains the appropriate UserID and Password for logging into my Database and .....So i want to know is there any straight-forwardway to Encrypt ( eg. hashing) The Connection string or i should do it Myself ? i just wanted to know the best possible way that the other expert use in their own App's !!!Thanks in advance.Kind Regards.

Hi,

To encrypt the configuration files there are many possible ways.

This is one of the good link
http://msdn2.microsoft.com/en-us/library/ms998280.aspx

Which deals the encryption in various ways.

Even with the ConfigurationManager class also we can do the ecnryption programatically.

While deploying the application this has to be taken care.

Thanks,
Manas

use following code to encrypt connection string

if u want to encrypt the connection string then

call this function by passingtrueparameter

likeEncryptConfig(true);

and to decryptEncryptConfig(false)

publicvoid EncryptConfig(bool IsEncrypt)

{

string path ="/tipsandtrics"; // ur application name

Configuration config =WebConfigurationManager.OpenWebConfiguration(path);

ConfigurationSection appSettings = config.GetSection("connectionStrings");if (IsEncrypt)

{

appSettings.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");

}

else

{

appSettings.SectionInformation.ProtectionProvider.Name.ToString();

appSettings.SectionInformation.UnprotectSection();

}

config.Save();

}

check at

http://groups.google.com/group/a-c-net/browse_thread/thread/cab3d7cf6d778057