加密 Windows 身份验证连接字符串
我正在使用 Windows 身份验证访问 SQL Server 数据库
- 我是否需要加密 web.config 中的连接字符串?
- 连接字符串(或数据库)的名称对于安全性重要吗? (即:
ApplicationServices
?
I am accessing an SQL Server database using Windows Authentication
- Do I need to encrypt the connection string in the web.config?
- Does the name of the connection string (or database) matter in terms of security? (viz:
ApplicationServices
?
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
我不同意克劳斯比斯科夫的观点。无论如何,我都会加密你的连接字符串。当然,服务器名称确实是暴露的全部内容。但这至少给了我们一个目标。加密连接字符串将删除该目标。
了解是成功的一半。
至于连接字符串名称,我只是保持模糊,而不是将其命名为生产数据库服务器的名称或类似名称。
I disagree with klausbyskov. I would encrypt your connection string regardless. Sure, the server name is really all that is being exposed. But that at least puts a target out there. Encrypting the connection string would remove that target.
Knowing is half the battle.
As far as the connection string name, I'd just keep it vague, and not name it the name of your production database server or anything like that.
没有。那是没有用的。使用 Windows 身份验证时,您的应用程序将以从代码打开
DBConnection
的用户身份进行连接,如果是 Web 应用程序,则通常是网络服务。不,除非该名称也是您的域管理员密码。
编辑:在一个疯狂的世界中,数据库服务器的名称是秘密的,那么加密连接字符串也许是有意义的。
No. It would be useless. When using Windows Authentication your app is connecting as the user that opens the
DBConnection
from code, typically network service if it's a web app.No, unless the name is also your domain admin password.
EDIT: In a crazy world where the name of your database server was secret, then maybe it would make sense to encrypt the connection string.