Remote DB Access Security

[Roman]

I have set deployed my application in shared hosting environment.
I have, currently, configured connection to remote sql server db in
web.config.

My concern is,

1) Since db username/password is in web.config, is there a way for
someone to see it?
2) Can the password be intercepted during network communication? Is
encryption deterent to password interception? How do you specify it?

Considering my operating environment, is there more secure sql server
db access configuration?

Thanks in advance

 

[Cowboy \(Gregory A. Beamer\)]

I have set deployed my application in shared hosting environment.
I have, currently, configured connection to remote sql server db in
web.config.

My concern is,

1) Since db username/password is in web.config, is there a way for
someone to see it?

Possibly, but they will likely have to compromise the server. If this is
ASP.NET 2.0, see if you can encrypt the conn string.

2) Can the password be intercepted during network communication? Is
encryption deterent to password interception? How do you specify it?

Intercepted. Unlikely, as this is internal to your provider. Encrypting will
not stop sniffing, but it has to be done on the inside, so I would not be
overly concerned.

If this is a high security app, I would consider paying more and having your
own server, virtual or real.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

*************************************************
Think outside the box!
*************************************************