Protect Sensitive Data in Your Configuration Files

- J.D. Meier, Carlos Farre, Jason Taylor, Prashant Bansode, Steve Gregersen, Madhu Sundararajan, Rob Boucher

Protect the sensitive data, such as SQL connection strings, in your configuration files by encrypting it. Connection strings stored in plaintext are dangerous, because an attacker that can compromise a server will be able to read those connection strings. Even if a machine is not compromised, connection strings stored in plain text are accessible to administrators and any other users with sufficient privileges on the host machine and/or Windows domain.

Use DPAPI to encrypt the sensitive data in the configuration file on your WCF server machine. To encrypt the <connectionStrings> section by using the DPAPI provider with the machine-key store (the default configuration), run the following command from a command window:
aspnet_regiis -pe "connectionStrings" -app "/MachineDPAPI" -prov "DataProtectionConfigurationProvider"

The aspnet_regiis options are:
  • -pe: Specifies the configuration section to encrypt.
  • -app: Specifies your Web application's virtual path. If your application is nested, you need to specify the nested path from the root directory; for example, "/test/aspnet/MachineDPAPI".
  • -prov: Specifies the provider name.

If you need to encrypt configuration file data on multiple servers in a Web farm, use the RSA protected configuration provider because of the ease with which you can export RSA key containers.

Additional Resources

Last edited Jun 12, 2008 at 11:41 PM by prashantbansode, version 1


No comments yet.