Although Microsoft has given us the API classes and web services to work with SharePoint. Many programmers try to reach to the database and perform the select queries.
This is not recommended at all, and that is why MS has given us the object model and web service to work with for SharePoint.
However in case if you use database for querying purpose and if you are storing the database connection information in web config file of your web application and referencing from the code somewhere, then I would strongly recommend you to secure this connection string.
It does not depend on whether you are connecting with windows authentication or forms authentication. Hiding server name and database name is as important as hiding user name and password.
So here are simple steps to perform for securing and encrypting the connection strings. Remember we should encrypt all connection strings mentioned in connectionstring tag in web.config.
Remember that encryption happens on the basis of RSA provider.
Open the visual studio command prompt. Type in this commend
aspnet_regiis -pe "connectionStrings" -app "/SPKings"
Where SPkings is the web application and here is the result of this encryption.
After this encryption, you do not need to perform any decryption in your code. Runtime will automatically decrypt this connectionstring for you. There will be very light performance issue, very light, However this is okay according to me instead of opening the username, password or server name and database name to any other person.
No comments:
Post a Comment