Results 1 to 5 of 5

Thread: [RESOLVED] [2005] RSA encryption: how to install to website when site is hosted by third party (

  1. #1

    Thread Starter
    Lively Member
    Join Date
    Aug 2007
    Posts
    88

    Resolved [RESOLVED] [2005] RSA encryption: how to install to website when site is hosted by third party (

    Ok. I have my ASP.NET test site up and running with an RSA encrypted connection string in the web.config file. This works fine on my local machine.

    I have added ASP.NET permissions to the key and have exported the key as an xml file. All good. The next step is for me to copy the xml file to the server and “install” the key there using the aspnet_regiis install command through a command window.

    Here is where I need some help. I have contacted the tech-support for my webhost (IX webhosting) and they have no idea what I am talking about. Has anyone had success in installing an RSA key to a web server hosted by a third party… or is this procedure only applicable when the servers belong to you?

  2. #2
    I'm about to be a PowerPoster! mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,170

    Re: [2005] RSA encryption: how to install to website when site is hosted by third party (

    Ah... you wanted to do this on a shared host? You should've mentioned that before. Unless you're really really lucky, the host isn't going to do this for you. It's applicable when you have remote access to the servers though, since you can run apps on it (and hence the commandline utilities required to do this).

    You see, the trouble is that it means that they'll need to 'maintain' your site, because if you change something in the config, they have to do this each time!

  3. #3

    Thread Starter
    Lively Member
    Join Date
    Aug 2007
    Posts
    88

    Re: [2005] RSA encryption: how to install to website when site is hosted by third party (

    Well, does that mean that nubs like me who are trying to take baby steps in to the ASP.NET world are relegated to exposing ourselves to security problems?

    I guess, with a lot of trouble, I could only expose a connection string to a database that houses the site user username and password, which I can encrypt. This way access to the private data would be somewhat safe from an attack.

    Or… are their other solutions for those of us who are running in this in-between area?

  4. #4

    Thread Starter
    Lively Member
    Join Date
    Aug 2007
    Posts
    88

    Re: [2005] RSA encryption: how to install to website when site is hosted by third party (

    Well, I got the official answer from my hosting service...

    "Unfortunately it is impossible to import this key into server. Also we do not provide any protectiong for connection strings inside web.config unfortunately. Also as far as I know our customers do not protect such data."

    I guess I will try my plan-B.

    Thanks for your help.

  5. #5
    I'm about to be a PowerPoster! mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,170

    Re: [RESOLVED] [2005] RSA encryption: how to install to website when site is hosted b

    You do have certain levels of protection. For example, the web.config file doesn't get served by IIS. You can also 'encode' your username and password and create a method to always decode them in your own app. The ASP.NET built-in encryption mechanism is just that - built in - so there's nothing stopping you from creating your own.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Click Here to Expand Forum to Full Width