Stu Pegg

Reputation: 1317

Is it possible to get the web.config from a deployed Web Role?

I'm currently trying to decide the merits of encrypting the web.config for a Web Role deployed to Azure. The answer to this question seems to highlight the importance of knowing who can access the instance:

Shall the DB ConnectionString within Web.config be encrypted when using Azure Cloud?

However, I was under the impression no-one could access a Web Role instance in a way that would allow them to read the web.config.

So my question is this: Is it possible to get the web.config from a deployed Web Role?

For example: Is there an option in the Azure Portal I haven't seen? Would it be possible to access via another deployment?

Upvotes: 2

Views: 612

Answers (2)

Stu Pegg

Reputation: 1317

In addition to @sharptooth's general points about web application and cloud security, it is also possible to directly connect to Azure Web/Worker roles if you have previously configured them to do so:

MSDN: Using Remote Desktop with Windows Azure Roles

The configuration can be changed from the Azure Management Console. So if you've got the RDC references imported in your service definition (for example if you've connected via RDC in the past) then the role can always be reconfigured to allow RDC access to its instances (even if the original RDC account has expired).

Here is a reference to the service definition and configuration sections I refer to: MSDN: How to Define and Configure a Remote Desktop Connection

Upvotes: 0

sharptooth

Reputation: 170499

First of all, having web.config contents unencrypted means anyone who can access the service package can access the web.config contents - and that can be more people than you want. For example, if you have an automatic build anyone in your company who sees the build results will see that data. You decide whether that's acceptable.

Next, don't forget that there're vulnerabilities in software. It might happen that at some point a vulnerability is found in IIS that allows for easy download of web.config.

Next, if you ever happen to have customErrors turned off and you have something misconfigured in web.config it might happen that whoever does an HTTP request to your web role will see an error message from IIS saying that this and that is misconfigured in web.config and showing part of web.config where the misconfiguration happened. That might happen to expose your secret - here's an example of similar exposure. Not very probable, but technically possible.

Finally, with all respect to all cloud providers you don't really control how data is being handled at datacenters. They might throw away an undestroyed disk or some employee may be corrupt and your service package may leak. Not very probable, but technically possible. If you ask questions like this one (and that's a very good question to ask) you should account for this risk too.

So as usual there's no absolute security. All you can do is just raise the bar. Storing connection string in encrypted form properly certainly raises the bar.

You might also be interested in answers to this related question.

Upvotes: 4
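
A pre-deployment check for the two web.config exposures described in sharptooth's answer (connection strings readable by anyone who holds the service package, and customErrors turned off), as an added example that is not part of either answer. The function names, finding labels and both sample configs are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: plaintext connection string, customErrors turned off.
WEAK = """<configuration>
  <connectionStrings>
    <add name="Main" connectionString="Server=db.example.invalid;Password=PLACEHOLDER" />
  </connectionStrings>
  <system.web><customErrors mode="Off" /></system.web>
</configuration>"""

# Constructed sample: protected section (cipher text is a placeholder).
HARDENED = """<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
  <system.web><customErrors mode="RemoteOnly" /></system.web>
</configuration>"""

def local(tag):
    """Drop the XML namespace so EncryptedData matches with or without one."""
    return tag.rsplit("}", 1)[-1]

def audit_web_config(xml_text):
    """Return sorted findings for the two exposures: readable secrets, verbose errors."""
    root = ET.fromstring(xml_text)
    findings = []
    section = root.find("connectionStrings")
    if section is not None:
        protected = (section.get("configProtectionProvider") is not None
                     and any(local(c.tag) == "EncryptedData" for c in section))
        if not protected:
            # Anyone holding the package or build output can read these entries.
            for add in section.findall("add"):
                findings.append("plaintext-connection-string:" + add.get("name", "?"))
    errors = root.find("system.web/customErrors")
    # When mode is absent ASP.NET defaults to RemoteOnly, so only "Off" is flagged.
    if errors is not None and errors.get("mode", "RemoteOnly").lower() == "off":
        findings.append("customErrors-off")
    return sorted(findings)

if __name__ == "__main__":
    for label, doc in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit_web_config(doc))
```

Running this against the web.config inside the build output, before the package is published, catches both conditions at the point where the file first becomes visible to people outside the development team.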
