Home/ Questions/Q 661047
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T23:13:30+00:00

We developed an application to edit the web.config settings. The user has to locate

  • 0

We developed an application to edit the web.config settings. The user has to locate the web.config file which they like to edit. Once their task is completed they can download the web.config file with the changes made by them. Since the web.config file has the database server information and passwords I have a concern that will it cause any security problem.
If so how can I rectify it?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Better encrypt your Connection string….

    For ref MSDN article

    You can use the following method to secure the the webconfig.

    if there exist the following code at web.config.

    <connectionStrings>
  <add name="yjsDBConnectionString" connectionString="Data Source=HUAJLI-XP\SUN;Initial Catalog=yjsDB;Integrated Security=True"
   providerName="System.Data.SqlClient" />
 </connectionStrings>

    Then we can use the following code to protect it.

     protected void Encryption()
    {

        Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);
        ConfigurationSection section = config.ConnectionStrings;

        if (!section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
            section.SectionInformation.ForceSave = true;
            config.Save(ConfigurationSaveMode.Modified);
        }

    }

    And you can use the following code to Decrypting it.

      protected void Decrypting()   
 {   
     Configuration config = WebConfigurationManager.OpenWebConfiguration(Request.ApplicationPath);  
     ConfigurationSection section = config.ConnectionStrings;   

     if (section.SectionInformation.IsProtected)   
     {   
         section.SectionInformation.UnprotectSection();   
         section.SectionInformation.ForceSave = true;   
         config.Save(ConfigurationSaveMode.Modified);   
     }   
 }
    • 0