Encrypting appSettings in web.config

I am developing a web app which requires a username and password to be stored in the web.Config, it also refers to some URLs which will be requested by the web app itself and never the client.

I know the .Net framework will not allow a web.config file to be served, however I still think its bad practice to leave this sort of information in plain text.

Everything I have read so far requires me to use a command line switch or to store values in the registry of the server. I have access to neither of these as the host is online and I have only FTP and Control Panel (helm) access.

Can anyone recommend any good, free encryption DLL's or methods which I can use? I'd rather not develop my own!

Thanks for the feedback so far guys but I am not able to issue commands and and not able to edit the registry. Its going to have to be an encryption util/helper but just wondering which one!

Answers


EDIT: If you can't use asp utility, you can encrypt config file using SectionInformation.ProtectSection method.

Sample on codeproject:

Encryption of Connection Strings inside the Web.config in ASP.Net 2.0


Need Your Help

MySQL GROUP BY doesn't work when migrated to SQL Server 2012

mysql sql sql-server

I'm moving my Delphi application from MySQL to SQL server 2012. In MySQL I had this query:

Group by in node.js-mongodb

node.js mongodb mongodb-query aggregation-framework monk

I want to use group by in my server.js, but i get this error:

About UNIX Resources Network

Original, collect and organize Developers related documents, information and materials, contains jQuery, Html, CSS, MySQL, .NET, ASP.NET, SQL, objective-c, iPhone, Ruby on Rails, C, SQL Server, Ruby, Arrays, Regex, ASP.NET MVC, WPF, XML, Ajax, DataBase, and so on.