SQL Server connection string web config
Denny Cherry, in Securing SQL Server (Third Edition), 2015

Protecting Your Connection Strings

Applications use connection strings to identify the server instance and database to connect to and to determine what driver, login, etc. to use to connect to the SQL Server instance. Typically, the connection string will be stored in a configuration file somewhere within the application or web server. This connection string is typically stored in plain text to make it easy to edit and easy to change as the application is moved from development, to QA, to staging, and to production.

When the connection strings are stored in plain text, they provide a wealth of information to an attacker, typically everything that an attacker would need to break into a database. In order to protect the database, you have to protect the connection string, so that if an attacker is able to get access to the files on the web server or application server, the attacker is not able to use the connection string to attack the database.

The best way to secure the database connection string is to encrypt the value within the configuration file. The application would then load the encrypted value from the config file, decrypt the value, and then use the decrypted value as the connection string to connect to the database.
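One way to apply the encrypt-then-load pattern described above to web.config, using the protected configuration feature built into the .NET Framework. This is an added example, not code from the book; it assumes a classic ASP.NET application referencing System.Configuration and System.Web, and the connection string name "AppDb" is hypothetical.

```csharp
using System.Configuration;
using System.Data.SqlClient;
using System.Web.Configuration;

public static class ConnectionStringProtection
{
    // Hypothetical connection string name, used only for illustration.
    private const string ConnectionName = "AppDb";

    // Encrypts the <connectionStrings> section of web.config in place.
    // Returns true if the section was encrypted by this call, false if it
    // was already protected or does not exist.
    public static bool EnsureEncrypted(string virtualPath = "~")
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(virtualPath);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section == null || section.SectionInformation.IsProtected)
        {
            return false;
        }

        // DPAPI-backed provider: the ciphertext can only be decrypted on the
        // machine that produced it, so a copied web.config is not enough to
        // recover the login.
        section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    // Loads the connection string and opens the database connection.
    // The configuration system decrypts a protected section transparently,
    // so the calling code is identical for plain-text and encrypted files.
    public static SqlConnection OpenDatabase()
    {
        ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings[ConnectionName];
        if (settings == null)
        {
            throw new ConfigurationErrorsException(
                "Connection string '" + ConnectionName + "' is missing from web.config.");
        }

        SqlConnection connection = new SqlConnection(settings.ConnectionString);
        connection.Open();
        return connection;
    }
}
```

Because the DPAPI provider ties the ciphertext to one machine, the section has to be encrypted on each server after deployment; a web farm that shares one web.config would use RsaProtectedConfigurationProvider with a shared key container instead. The encryption protects the file at rest only, since any code running under the application's identity on that server can still read the decrypted value.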