What is the point of encrypting web.config if user can just decrypt it?
Oi, some vendor is telling my bosses that not encrypting the web.config is a big security hole. This sounds like bunk to me. I mean, if someone compromises the server aren't we screwed anyways?
Like @Joelt suggested, ASP.NET had a security issue semi-recently that allowed people to access files in the root web etc. Now, this issue could have existed for a long time. Alternatively, there could be a secret flaw right now that no one knows about except some leet punks ... which means we're all vulnerable right now. I mean, until the ASP.NET team (and security people a week or two before them) announced that previous flaw ... how long was that out in the wild? How many people exploited that?
So - that's the general idea. If for some reason a flaw exists - where people can remotely gain access to files - including web.config - then your data could be known.
Now - the kicker is this. So .. someone might find out about my DB name, DB IP addy and DB password .. right? But they need to access my internal DB ... so good luck there. BUT, my web.config might have my Twitter username/password in there? (Ding! light just turned on). My 3rd-party API usernames/passwords, etc.
THAT is where the real security issue lies, IMO.
I'd hate it if you learn my company's Twitter username/password and then start defacing our Twitter account.
The encryption does not mean that you are protected. The private key needed for decryption is stored on the server, so if your server is compromised your web.config can be decrypted.
We only encrypt the connection string section of the web.config. It helps prevent other prying eyes from easily accessing our connection strings especially in the development environment (which is often much less secure than your production environments).
The encryption is just a small piece to the layered security. It is by no means an end-all solution for protecting your sensitive information.
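What encrypting only the connectionStrings section looks like in practice, as an added example that is not part of the original answer. It assumes a .NET 4.x site whose web.config sits in C:\inetpub\wwwroot\MyApp (hypothetical path) and uses the built-in aspnet_regiis.exe tool; the before/after XML in the comments is illustrative, not copied from any real config.

```powershell
# Added example, not from the original post. Assumed paths: adjust for your framework
# version and site root.
$regiis  = "$env:windir\Microsoft.NET\Framework64\v4.0.30319\aspnet_regiis.exe"
$appRoot = "C:\inetpub\wwwroot\MyApp"

# Before: credentials sit in plaintext, readable by anyone who can read the file.
# <connectionStrings>
#   <add name="Main" connectionString="Server=db01;Database=app;User Id=web;Password=..." />
# </connectionStrings>

# Encrypt only the connectionStrings section. -pef works on a physical directory, so the
# site does not need to be registered in IIS. DataProtectionConfigurationProvider uses the
# machine's DPAPI key, which is exactly the caveat above: the key lives on this server, so
# anyone with code execution on the box can still decrypt, but a copied file is useless
# elsewhere. (The default RsaProtectedConfigurationProvider allows key export for farms.)
& $regiis -pef "connectionStrings" $appRoot -prov "DataProtectionConfigurationProvider"

# After: the section becomes an EncryptedData blob. The application keeps calling
# ConfigurationManager.ConnectionStrings["Main"] unchanged; the runtime decrypts on read.
# <connectionStrings configProtectionProvider="DataProtectionConfigurationProvider">
#   <EncryptedData>
#     <CipherData><CipherValue>...base64...</CipherValue></CipherData>
#   </EncryptedData>
# </connectionStrings>

# Check that no plaintext credential survived in that section before the config is
# committed or copied to a less trusted environment.
$cfg = Get-Content (Join-Path $appRoot 'web.config') -Raw
if ($cfg -match '(?s)<connectionStrings.*?</connectionStrings>') {
    if ($Matches[0] -match 'Password=') {
        throw 'connectionStrings section still contains plaintext credentials'
    }
}

# To edit the connection string later, decrypt in place, change it, and re-encrypt:
# & $regiis -pdf "connectionStrings" $appRoot
```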
There was a recently released security hole in ASP.NET that would have allowed a remote user to access any file in the web root, including web.config, without accessing the entire server. Additionally, there may be login information in the web.config that allows compromising one server to compromise another.
Sort of. In my case, I host on a shared hosting account. So a lot of people have access to my account and the files stored there.
Personally, I don't worry about it too much. But, if someone had a mind to, they could access that information. And even if you own the server, if it's a company then there could be a lot of people who have access to it.
For critical data, encrypting it makes sense.