tag:blogger.com,1999:blog-4971377397859266634.post8283381049707605805..comments2023-10-28T06:42:22.807-04:00Comments on Keeping up with Microsoft.: Encrypt/Decrypt connection strings in web.configRohit Guptahttp://www.blogger.com/profile/08950669136315735108noreply@blogger.comBlogger2125tag:blogger.com,1999:blog-4971377397859266634.post-63129826414992942302008-10-13T18:19:00.000-04:002008-10-13T18:19:00.000-04:00Even if someone can get your web.config via FTP, s...Even if someone can get your web.config via FTP, still you are safe since the passwords are encrypted hence cannot be decrypted anywhere else... so no one can steal passwords even if they get the web.config via FTP.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-4971377397859266634.post-1759146363085607842008-03-24T07:53:00.000-04:002008-03-24T07:53:00.000-04:00Hi All,Thanks for your reply and advice.My problem...Hi All,<BR/><BR/>Thanks for your reply and advice.<BR/><BR/>My problem is that if someone can log into the server via<BR/>an FTP program (I use WS_FTP), then the web.config is<BR/>easily viewable with no restrictions.<BR/><BR/>The encryption schemes you mentioned are to deny people<BR/>access via a web browser? I will look into hashed<BR/>passwords, but if someone gets into my site via an FTP<BR/>program, does this encryption do anything?<BR/><BR/>Thanks!Ravihttps://www.blogger.com/profile/13787501821855633811noreply@blogger.com