Should I encrypt web.config on shared hosting?

Question

Should I encrypt web.config on shared hosting?

Good day. I took out some .net merging with web merging, but struggling for answers to their security setup.

In particular, I am used to full-fledged environments, since I work for a large utility company.

I usually encrypted some / all of my web.config, which I cannot do in an environment that supports IIS7 and do not allow me to specifically set the RSA key for my application.

So is my configuration file really safe? Do I have a fear that someone stole all my sensitive data from my database using an unencrypted connection string?

+6

c # asp.net web-config encryption shared-hosting

Barbloke6 Aug 10 '10 at 10:11

source share

2 answers

Tomtom · Answer 1 · 2010-08-10T10:14:23+0000

You are under serious business thinking web.config encryption helps. Basically, you are afraid that someone broke into your account, and if I can replace your web application, then the fact that the connection string is encrypted does not make sense, since I still need to have access to the decryption key.

Thus, I can always access the database under any circumstances.

Ben robinson · Answer 2 · 2010-08-10T10:29:30+0000

If you use shared hosting, there is an implicit trust between you and the hosting provider. They are system administrators and they control the infrastructure and systems on which your application is hosted. If the security of your software and data is such that you do not want to allow third parties access to them, you need to either get a dedicated server or a virtual server. Thus, you control the system from a defender, and their system administrators cannot access your data if they are all encrypted. Purchasing a configuration file on shared hosting is almost useless.

Should I encrypt web.config on shared hosting?

More articles: