Back by popular demand, we now support web.config encryption on our servers. It is relatively safe to store database connections and other sensitive information in the web.config because IIS blocks HTTP access to the web.config file. But for those who desire additional security, you can now encrypt certain sections of the web.config file. The encryption process is not as straight forward as we would like, and we only recommend using this technique for more advanced developers. See this KB article for a basic guideline on how to encrypt configuration sections of your web.config. One of our developers has also created a simple application to demonstrate how to encrypt web.config programmatically. You may also want to read this related article for more information: http://weblogs.asp.net/scottgu/archive/2006/01/09/434893.aspx
Great Job, Bruce, thanks for the message! We had discussed this very same approach on other threads and at the time, it was not possible because of restricted access (by DPAPI) to the framework folders so you guys must have made some changes to allow for this method to work now. I think this is great support for developers on the part of DASP, regardless of the relative safety of unencrypted config files I think everyone feels better if they have the option to encrypt sections so thanks again for this great move in support of developers. Madvox
Glad you like this! We do listen to our customers; so if there's anything else that you want to see, let us know. If it make sense, we will defininitely look into it.
Links are fixed. Most links to other posts in this forum in old threads are going to fail, unfortunately. There was no way to convert them. We manually fix them where necessary, but most of them will be dead.
