Wrox Programmer Forums

Need to download code?

View our list of code downloads.

Go Back   Wrox Programmer Forums > ASP.NET and ASP > ASP.NET 4 > BOOK: Beginning ASP.NET 4 : in C# and VB
Password Reminder
Register
Register | FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read
BOOK: Beginning ASP.NET 4 : in C# and VB
This is the forum to discuss the Wrox book Beginning ASP.NET 4: in C# and VB by Imar Spaanjaars; ISBN: 9780470502211
Welcome to the p2p.wrox.com Forums.

You are currently viewing the BOOK: Beginning ASP.NET 4 : in C# and VB section of the Wrox Programmer to Programmer discussions. This is a community of tens of thousands of software programmers and website developers including Wrox book authors and readers. As a guest, you can read any forum posting. By joining today you can post your own programming questions, respond to other developers’ questions, and eliminate the ads that are displayed to guests. Registration is fast, simple and absolutely free .
DRM-free e-books 300x50
Reply
 
Thread Tools Search this Thread Display Modes
  #1 (permalink)  
Old August 27th, 2010, 07:38 PM
Authorized User
Points: 350, Level: 6
Points: 350, Level: 6 Points: 350, Level: 6 Points: 350, Level: 6
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jul 2010
Location: Eastern Michigan-Near Canada
Posts: 81
Thanks: 10
Thanked 3 Times in 2 Posts
Default Ch 9-Sending Email-Encrytping web.config

I did the assignment on p319 a week ago after Imar mentioned it to me in a previous post. Imar's post Aug 13, 2010

I did the exercise a week ago and successful on my own localhost server. I want to try and put on my GoDaddy hosting. Now the web.config file is supposed to be unaccessible to people with no access to my server files. However, some have mentioned using an encrypted web.config file?

http://ondotnet.com/pub/a/dotnet/200...onnstring.html

http://msdn.microsoft.com/en-us/library/dtkwfdky.aspx

I might be a bit paranoid, but I think it would pay to at least encrypt the passwords!
__________________
Bob
bdtcomp.com
http://lettersfromasoldier.com
Follow me on Twitter
“Success is not final, failure is not fatal: it is the courage to continue that counts.”~Winston Churchill
Reply With Quote
  #2 (permalink)  
Old August 28th, 2010, 04:02 AM
Imar's Avatar
Wrox Author
Points: 72,022, Level: 100
Points: 72,022, Level: 100 Points: 72,022, Level: 100 Points: 72,022, Level: 100
Activity: 100%
Activity: 100% Activity: 100% Activity: 100%
 
Join Date: Jun 2003
Location: Utrecht, Netherlands.
Posts: 17,076
Thanks: 80
Thanked 1,587 Times in 1,563 Posts
Default

Not sure what this post is about. Are you asking a qustion, or merely documenting your progress?

Imar
__________________
Imar Spaanjaars
http://Imar.Spaanjaars.Com
Follow me on Twitter

Author of Beginning ASP.NET 4.5 : in C# and VB, Beginning ASP.NET Web Pages with WebMatrix
and Beginning ASP.NET 4 : in C# and VB.
Did this post help you? Click the button below this post to show your appreciation!
Reply With Quote
  #3 (permalink)  
Old August 28th, 2010, 07:07 AM
Authorized User
Points: 350, Level: 6
Points: 350, Level: 6 Points: 350, Level: 6 Points: 350, Level: 6
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jul 2010
Location: Eastern Michigan-Near Canada
Posts: 81
Thanks: 10
Thanked 3 Times in 2 Posts
Default

Well actually, a bit of both. I try to put down the chapter and pages, or at least keep the key idea in the title.

But I have raised a very valid point. The exercise on page 319 raises a security issue. When you put your login information in any file on a server (and unecrypted) you raise the possiblity of it being exposed to anyone who can get access to your server.

One person raised the concern that you might change the extension say from web.config to web.txt and then anyone who entered www.yourdomain/webconfig.txt in the URL is going to get the text of this file.

Granted you can't get the web.config contents by just requesting the URL, but as some of the links I have looked at it isn't an impossibility!;-)
__________________
Bob
bdtcomp.com
http://lettersfromasoldier.com
Follow me on Twitter
“Success is not final, failure is not fatal: it is the courage to continue that counts.”~Winston Churchill

Last edited by btcomp; August 28th, 2010 at 10:10 AM..
Reply With Quote
  #4 (permalink)  
Old August 28th, 2010, 04:37 PM
Authorized User
Points: 350, Level: 6
Points: 350, Level: 6 Points: 350, Level: 6 Points: 350, Level: 6
Activity: 0%
Activity: 0% Activity: 0% Activity: 0%
 
Join Date: Jul 2010
Location: Eastern Michigan-Near Canada
Posts: 81
Thanks: 10
Thanked 3 Times in 2 Posts
Default

Quick note on my post. I don't believe GoDaddy supports encrypting because of shared hosting. I will just have to be careful with passwords in config.web file and probably good idea to change them often. If it is a mission critical company you would have a dedicated server and then encrypting would be easier and a good thing to do.
__________________
Bob
bdtcomp.com
http://lettersfromasoldier.com
Follow me on Twitter
“Success is not final, failure is not fatal: it is the courage to continue that counts.”~Winston Churchill
Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
App.Config and Web.Config conflict John.Burke ASP.NET 2.0 Professional 5 March 9th, 2010 11:51 AM
Sending email Sheraz Khan Classic ASP Basics 1 December 12th, 2009 12:58 AM
Fix for Web.config Error in ...\Chapter01\LINQforBinding Web Sites rogerj BOOK: Professional ADO.NET 3.5 with LINQ and the Entity Framework ISBN: 978-0-470-22988-0 0 February 18th, 2009 01:59 PM
web.config vs. app.config darlo Visual Studio 2005 11 August 20th, 2008 07:23 AM



All times are GMT -4. The time now is 08:23 PM.


Powered by vBulletin®
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.
© 2013 John Wiley & Sons, Inc.