Reputation: 749
Protect central app.config
I have an application which is executed when a user logs out. This is achieved via GPO. The application needs access to a database.
My App.config contains the connection string. I tried to encrypt it using aspnet_regiis but I just read that this works only per machine. While it worked on mine flawless it of course crashed on other machines.
I can not find another way on how to protect the connection string in this scenario. I have no setup so I can not execute aspnet_regiis on the local machine. How do you usually handle this problem?
Could you deploy the key for encrypting the App.config via GPO? Where do I find that key?
Upvotes: 1
Views: 70
Answers (1)
Reputation: 183
It's very hard if not impossible to achieve this.
See: http://www.grouppolicy.biz/2013/11/why-passwords-in-group-policy-preference-are-very-bad/
You will need to create a service that recieves the requests and communicates with the database, this service will be run on your server and thus you can keep your connectionstring safe.
One way would be to create a webpage that recieves postdata from the clients.
Upvotes: 1
Related Questions
- Adding some basic layer of security to the app.config file in WPF
- how to secure app.config, while it is intended to be used on several machines?
- Is it really possible to protect a connection string in app. config?
- Secure storing sensitive config data such as connection string
- Protecting Section in App.config file Console Application
- How to encrypt app.config?
- How to protect WinForms ConnectionString
- How to protect web.config connection string from other developers?
- Accessing App.config
- ConnectionStrings in app.config. What about security?