Wrox Programmer Forums
| Search | Today's Posts | Mark Forums Read
BOOK: Beginning ASP.NET 4 : in C# and VB
This is the forum to discuss the Wrox book Beginning ASP.NET 4: in C# and VB by Imar Spaanjaars; ISBN: 9780470502211
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: Beginning ASP.NET 4 : in C# and VB section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old August 27th, 2010, 07:38 PM
Authorized User
Points: 350, Level: 6
Points: 350, Level: 6 Points: 350, Level: 6 Points: 350, Level: 6
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jul 2010
Location: Eastern Michigan-Near Canada
Posts: 81
Thanks: 10
Thanked 3 Times in 2 Posts
Default Ch 9-Sending Email-Encrytping web.config

I did the assignment on p319 a week ago after Imar mentioned it to me in a previous post. Imar's post Aug 13, 2010

I did the exercise a week ago and successful on my own localhost server. I want to try and put on my GoDaddy hosting. Now the web.config file is supposed to be unaccessible to people with no access to my server files. However, some have mentioned using an encrypted web.config file?

http://ondotnet.com/pub/a/dotnet/200...onnstring.html

http://msdn.microsoft.com/en-us/library/dtkwfdky.aspx

I might be a bit paranoid, but I think it would pay to at least encrypt the passwords!
__________________
Bob
bdtcomp.com
http://lettersfromasoldier.com
Follow me on Twitter
“Success is not final, failure is not fatal: it is the courage to continue that counts.”~Winston Churchill
 
Old August 28th, 2010, 04:02 AM
Imar's Avatar
Wrox Author
Points: 70,322, Level: 100
Points: 70,322, Level: 100 Points: 70,322, Level: 100 Points: 70,322, Level: 100
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,089
Thanks: 80
Thanked 1,576 Times in 1,552 Posts
Default

Not sure what this post is about. Are you asking a qustion, or merely documenting your progress?

Imar
__________________
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Follow me on Twitter

Author of Beginning ASP.NET 4.5 : in C# and VB, Beginning ASP.NET Web Pages with WebMatrix
and Beginning ASP.NET 4 : in C# and VB.
Did this post help you? Click the button below this post to show your appreciation!
 
Old August 28th, 2010, 07:07 AM
Authorized User
Points: 350, Level: 6
Points: 350, Level: 6 Points: 350, Level: 6 Points: 350, Level: 6
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jul 2010
Location: Eastern Michigan-Near Canada
Posts: 81
Thanks: 10
Thanked 3 Times in 2 Posts
Default

Well actually, a bit of both. I try to put down the chapter and pages, or at least keep the key idea in the title.

But I have raised a very valid point. The exercise on page 319 raises a security issue. When you put your login information in any file on a server (and unecrypted) you raise the possiblity of it being exposed to anyone who can get access to your server.

One person raised the concern that you might change the extension say from web.config to web.txt and then anyone who entered www.yourdomain/webconfig.txt in the URL is going to get the text of this file.

Granted you can't get the web.config contents by just requesting the URL, but as some of the links I have looked at it isn't an impossibility!;-)
__________________
Bob
bdtcomp.com
http://lettersfromasoldier.com
Follow me on Twitter
“Success is not final, failure is not fatal: it is the courage to continue that counts.”~Winston Churchill

Last edited by btcomp; August 28th, 2010 at 10:10 AM..
 
Old August 28th, 2010, 04:37 PM
Authorized User
Points: 350, Level: 6
Points: 350, Level: 6 Points: 350, Level: 6 Points: 350, Level: 6
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jul 2010
Location: Eastern Michigan-Near Canada
Posts: 81
Thanks: 10
Thanked 3 Times in 2 Posts
Default

Quick note on my post. I don't believe GoDaddy supports encrypting because of shared hosting. I will just have to be careful with passwords in config.web file and probably good idea to change them often. If it is a mission critical company you would have a dedicated server and then encrypting would be easier and a good thing to do.
__________________
Bob
bdtcomp.com
http://lettersfromasoldier.com
Follow me on Twitter
“Success is not final, failure is not fatal: it is the courage to continue that counts.”~Winston Churchill




Similar Threads
Thread Thread Starter Forum Replies Last Post
App.Config and Web.Config conflict John.Burke ASP.NET 2.0 Professional 5 March 9th, 2010 11:51 AM
Sending email Sheraz Khan Classic ASP Basics 1 December 12th, 2009 12:58 AM
Fix for Web.config Error in ...\Chapter01\LINQforBinding Web Sites rogerj BOOK: Professional ADO.NET 3.5 with LINQ and the Entity Framework ISBN: 978-0-470-22988-0 0 February 18th, 2009 01:59 PM
web.config vs. app.config darlo Visual Studio 2005 11 August 20th, 2008 07:23 AM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.