sternr

Reputation: 6506

Encrypt Connection String in Web.Config - Why?

I know it is possible to encrypt the connection string stored in the web.config,
and I know you could never be too safe, but since the web.config cannot be viewed or downloaded, why is it needed? In what way is it more secure?

[EDIT:] I'm not using a shared-hosting server.

Upvotes: 4

Views: 419

Answers (3)

momo

Reputation: 21343

I think you have answered your own question by saying "you could never be too safe".

The fact that web.config cannot be viewed or downloaded is not a guarantee that an attack from inside your organization could not occur. Someone with the right access could breach the security and get the data if it is visible in plain sight. While, as you said, an attack via HTTP is unlikely to get this file, others who have the right access could still access it through other means such as remote file access, remote desktop, etc. Encrypting plus assigning proper access/authorization makes it a tad more difficult for the attacker to try to break your system.

In security, you simply have to be paranoid and take every measure you think possible in order to make the data as safe as possible, and it's your job to give the attacker a hard time retrieving any information. I don't think there is such a thing as 100% secure. In some sense, you would always be vulnerable to a security threat; all we can do is try to minimize it as much as possible.

Upvotes: 1
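
As an added illustration of the point about readers with file access (not code from any poster in this thread): a small Python audit that reports whether a web.config still holds a password in clear text. The sample configs, the `audit` and `parse_pairs` names and the placeholder values are constructed for the example; it assumes an encrypted section carries a `configProtectionProvider` attribute and that the root element has no XML namespace.

```python
import xml.etree.ElementTree as ET

# Constructed sample: what anyone with read access to the file sees.
PLAINTEXT_CONFIG = """<configuration>
  <connectionStrings>
    <add name="Main" connectionString="Server=db01;Database=App;User Id=app;Password=EXAMPLE-ONLY;" />
    <add name="Reports" connectionString="Server=db01;Database=Rpt;Integrated Security=SSPI;" />
  </connectionStrings>
</configuration>"""

# Constructed sample: shape of the section once it has been encrypted.
PROTECTED_CONFIG = """<configuration>
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>"""

SECRET_KEYS = {"password", "pwd"}  # connection-string keywords that carry a secret


def parse_pairs(conn_str):
    """Split 'key=value;key=value' into a dict with lower-cased keys.
    Simplification: quoted values containing ';' are not handled."""
    pairs = {}
    for part in conn_str.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            pairs[key.strip().lower()] = value.strip()
    return pairs


def audit(config_xml):
    """Return (status, names of entries exposing a password in clear text)."""
    section = ET.fromstring(config_xml).find("connectionStrings")
    if section is None:
        return ("absent", [])
    if section.get("configProtectionProvider"):
        return ("protected", [])  # contents are ciphertext, nothing to read
    exposed = [add.get("name") for add in section.findall("add")
               if SECRET_KEYS.intersection(parse_pairs(add.get("connectionString", "")))]
    return ("plaintext-secret" if exposed else "plaintext-no-secret", exposed)


if __name__ == "__main__":
    for label, xml in (("plaintext", PLAINTEXT_CONFIG), ("protected", PROTECTED_CONFIG)):
        print(label, audit(xml))
```

An entry that uses integrated authentication holds no password, so it is not reported even when the section is unencrypted.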

Kolja

Reputation: 2377

If someone breaks into your server, he is not able to see all sensitive information without any further work. And if you deploy your application to some "cloud" service your credentials won't be exposed to everyone maintaining the service.

Edit: Also, some administrators or users that have access to the server won't be able to read the clear-text credentials.

Upvotes: 1

CodeCaster

Reputation: 151588

If you deploy your website to a customer's web server and want to keep the credentials secret.

Upvotes: 1
