Password : where ?

  • Thread starter Thread starter Gloops
  • Start date Start date
G

Gloops

Hello everybody,

Where would you advise me to post a question about how to store a
password (in fact a connection string) on an aspx server ?

If I remember correctly there is IIS on the server, but not on my
machine as it runs with Windows XP Home.

I learned you can crypt a connection string in the web.config with
aspnet_regiis -provided there is IIS on the machine- but ... the doc is
not very clear about doing that remotely. And I do not suppose the usual
way is to take the train to the server -during office time- to come and
type the command :)
 
Gloops said:
Hello everybody,

Where would you advise me to post a question about how to store a password
(in fact a connection string) on an aspx server ?
Click to expand...
It would be on the machine hosting IIS and in the Web.config of the
application being hosted IIS.
If I remember correctly there is IIS on the server, but not on my machine
as it runs with Windows XP Home.
Click to expand...

You as an end-user from your client machine has no control over connection
strings, which would be in a Web.config file sitting on an IIS server,
remotely.
I learned you can crypt a connection string in the web.config with
aspnet_regiis -provided there is IIS on the machine- but ... the doc is
not very clear about doing that remotely. And I do not suppose the usual
way is to take the train to the server -during office time- to come and
type the command :)
Click to expand...

What are you trying to do here, as it makes no sense? Also, this is a Vista
forum and not an IIS Web server or .Net progrsmmer's forum, which seems to
be where you should be making your post.


__________ Information from ESET NOD32 Antivirus, version of virus signature database 4441 (20090919) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 
<snipped>

Oops, is see you are posting to the correct forum, my mistake. There should
be a post callback.


__________ Information from ESET NOD32 Antivirus, version of virus signature database 4441 (20090919) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com
 
Hello everybody,

Where would you advise me to post a question about how to store a
password (in fact a connection string) on an aspx server ?

If I remember correctly there is IIS on the server, but not on my
machine as it runs with Windows XP Home.

I learned you can crypt a connection string in the web.config with
aspnet_regiis -provided there is IIS on the machine- but ... the doc
is not very clear about doing that remotely. And I do not suppose the
usual way is to take the train to the server -during office time- to
come and type the command :)
Click to expand...

Set up IIS locally. Set the machine key section of your web.config. use
the tool to encrypt locally. Then make sure the web.config has the
machine keys when deployed to the server so it can decrypt the section.

Peace and Grace,

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

Twitter: @gbworld
Blog: http://gregorybeamer.spaces.live.com

My vacation and childhood cancer awareness site:
http://www.crazycancertour.com

*******************************************
| Think outside the box! |
*******************************************
 
Gregory A. Beamer a écrit, le 21/09/2009 16:48 :
Set up IIS locally. Set the machine key section of your web.config. use
the tool to encrypt locally. Then make sure the web.config has the
machine keys when deployed to the server so it can decrypt the section.
Click to expand...


Oh, I thought I had read somewhere that IIS could not run on a machine
with Windows XP Home. Well, where can I find it ? Is it free ?
 
Mr. Arnold a écrit, le 19/09/2009 22:09 :
It would be on the machine hosting IIS and in the Web.config of the
application being hosted IIS.
Click to expand...

Hum, I am afraid it does not seem easy to understand each other.
You propose me to post a question in the web.config ?

At this time my connection string is in the web.config, but in full
text, clearly readable (supposing somebody manages to read the
web.config). I should like it to be crypted.

I imagine the best way is to use aspnet_regiis. Supposing I cannot, I
imagined a solution as writing an encryption module to upload on the
server, but then there are two questions : where to store the encryption
key, and how to be sure a pirat could not download the encryption module ?
You as an end-user from your client machine has no control over
connection strings, which would be in a Web.config file sitting on an
IIS server, remotely.
Click to expand...

OK but how do you mean ?
I can modify it via FileZilla, but run an IIS command on it ?
Or you mean run IIS on my machine and send the encrypted web.config
afterwards ?

What about the encryption keys ? I read somewhere that with
aspnet_regiis they are saved in the register, so is not it a problem to
encrypt the web.config on a machine before sending it on another ?
 
Gregory A. Beamer a écrit, le 21/09/2009 16:48 :




Oh, I thought I had read somewhere that IIS could not run on a machine
with Windows XP Home. Well, where can I find it ? Is it free ?
Click to expand...

I did not read XP Home, so you are officially out of luck. If I remember
correctly, however, there was a site that showed how to set up IIS on XP
Home. It requires an XP Pro disk, if I remembered correctly, of course.

Peace and Grace,

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

Twitter: @gbworld
Blog: http://gregorybeamer.spaces.live.com

*******************************************
| Think outside the box! |
*******************************************
 
Gregory A. Beamer a écrit, le 25/09/2009 16:52 :
I did not read XP Home, so you are officially out of luck. If I remember
correctly, however, there was a site that showed how to set up IIS on XP
Home. It requires an XP Pro disk, if I remembered correctly, of course.
Click to expand...

Well, thank you.

I eventually realized that this was an IIS question, and that there is
an IIS group (and even one per language).

I got the beginning of an answer in French, telling something that did
not surprise me a lot. It was a pity to arrive at the week-end when
realizing where to ask the question : now I have to wait for Monday :)
 
Back
Top