How secured is the ASP.NET 2.0 web.config encryption?

  • Thread starter Thread starter Anonieko
  • Start date Start date
A

Anonieko

Okay, I use impersonation in my web.config by putting the username and
password at <system.web><identity> section...

Okay, I can encrypt this section via this command

C> aspnet_regiis -pef "system.web/identity" c:\proj\adservice


But what is the point? Anybody can still decrypt it by doing...

C> aspnet_regiis -pef "system.web/identity" c:\proj\adservice


How can I prevent this from happening?
 
Anonieko said:
Okay, I use impersonation in my web.config by putting the username and
password at <system.web><identity> section...

Okay, I can encrypt this section via this command

C> aspnet_regiis -pef "system.web/identity" c:\proj\adservice


But what is the point? Anybody can still decrypt it by doing...
Click to expand...


Only if "Anybody" can go to the web server and runs that command (it implies
the "Anybody" is an admin to that server.
 
Back
Top