被加密的web.config毫无意义?毫无意义、web、config

2023-09-03 07:46:03 作者:何如旧颜

我今天看的博客(http://somewebguy.word$p$pss.com/2009/07/20/is-encrypting-your-web-config-a-waste-of-time/)有关这两个如何使用aspnet_regiis的工具来加密你的AppSettings /的ConnectionStrings等。

I was reading a blog today (http://somewebguy.wordpress.com/2009/07/20/is-encrypting-your-web-config-a-waste-of-time/) about both how to encrypt your appsettings/connectionstrings etc. using the aspnet_regiis tool.

他有一个跟进后与别人说这是浪费时间的一些反馈。

He has a follow up post with some feedback from others saying this is a waste of time.

我的问题是,你有什么感想?你完全一旦有人获得物理访问你的web.config文件反正大清洗?或者,这是一个值得precaution?

My question is, what do you think? Are you totally hosed as soon as anyone gets physical access to your web.config files anyway? Or is this a worthwhile precaution?

推荐答案

我不认为这是毫无意义的。如果有人到你的Web服务器获得访问权限,是的,你是在一个很大的麻烦。这是否意味着你需要让他们获得相同的访问你的数据库/中间层/应用服务器呢?

I don't think it is pointless. If someone does gain access to your web server, yes you are in a lot of trouble. Does that mean that you need to allow them to gain that same access to your database/middle-tier/application server as well?