Encrypting configuration files
Release 1.0 - ...
Some Smartsite configuration files may contain security-sensitive information such as connection strings and Windows user accounts. These sections can be encrypted so that they cannot be read by people who should not see this information. They can be encrypted with the ConfigEditor and with the ConfigProtect command-line tool.
These tools use the configuration protection providers that are installed on your server. Normally, the following providers are installed:
- RsaProtectedConfigurationProvider
- DataProtectionConfigurationProvider
Example
When the Smartsite.data.config file is not encrypted, a connection string looks like this.
```xml
<database id="AdventureWorks">
  <connectionstring>Provider=SQLOLEDB.1;Password=secret;Persist Security Info=True;User ID=sa;Initial Catalog=AdventureWorks;Data Source=db1</connectionstring>
</database>
```
After encryption, the connection string element is replaced by a SecureConfigElement that names the provider and holds the encrypted data:
```xml
<database id="AdventureWorks">
  <SecureConfigElement provider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
      <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#tripledes-cbc" />
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <EncryptedKey xmlns="http://www.w3.org/2001/04/xmlenc#">
          <EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#rsa-1_5" />
          <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
            <KeyName>Rsa Key</KeyName>
          </KeyInfo>
          <CipherData>
            <CipherValue>DHCtkt39bOVhb/nztoqDn5KUUu0TqrFLshYvpsa5AMAsCRyLfndRZqOV2QZwhzGQN8hyDq4ySd05e/NdH+ZeTRXcjKzRzS5qZcymVpEwmfhOl4qUKFTDwEv2DX++0fuqqEzNu/cUkrVJTktvKAUv6OwLmHBI4FINTfXApB8T4nI=</CipherValue>
          </CipherData>
        </EncryptedKey>
      </KeyInfo>
      <CipherData>
        <CipherValue>YtV+kpkiIixHP8mPEXelN5uj3dQn8CXP/t6Rt51+lgoZNsraAvVd4gnSsuI1AmKkB5+IPvgvz81Cs+RAL0+0VIn7mqBpPcN46h7WzT2Z9ngKwVdHlzUYlnwRJ+h3vSS/m/XkftY1v0uB0HdSs1+rkVoyyuYgCIIJrPm3lHoP88RVPmEHSfYCoiBJ9WGj5LURMvjs8qxYjAf7LsA3vu3POHYs8xJY6Bvi6X+9EsmRoNFI4fe97mHPuCsUD2pPVshT79wcPWyLG8+2jc9Cmp3+48ju+Y4h59GilHA28t0Hg/nnDn2JEJRtcDd3OMDbI2nh</CipherValue>
      </CipherData>
    </EncryptedData>
  </SecureConfigElement>
</database>
```
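To find entries that still need encrypting, a config file can be audited for the two forms shown above. The following is an added example, not part of Smartsite or its tools; the `<databases>` root element, the `Reporting` entry and the `audit` function name are assumptions made for illustration.

```python
import sys
from pathlib import Path
import xml.etree.ElementTree as ET

XMLENC = "{http://www.w3.org/2001/04/xmlenc#}"
SECRET_KEYS = {"password", "pwd"}

# Constructed sample: the <databases> root and the "Reporting" entry are
# assumptions; the cipher value is a placeholder, not real cipher text.
SAMPLE = """<databases>
  <database id="AdventureWorks">
    <connectionstring>Provider=SQLOLEDB.1;Password=secret;User ID=sa;Initial Catalog=AdventureWorks;Data Source=db1</connectionstring>
  </database>
  <database id="Reporting">
    <SecureConfigElement provider="RsaProtectedConfigurationProvider">
      <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element" xmlns="http://www.w3.org/2001/04/xmlenc#">
        <CipherData><CipherValue>CONSTRUCTED-PLACEHOLDER</CipherValue></CipherData>
      </EncryptedData>
    </SecureConfigElement>
  </database>
</databases>"""


def audit(xml_data):
    """Map each <database> id to its protection status; never echo the secret."""
    findings = {}
    for db in ET.fromstring(xml_data).iter("database"):
        name = db.get("id", "?")
        plain = db.find("connectionstring")
        secure = db.find("SecureConfigElement")
        if plain is not None:
            # A leftover plaintext element is reported even if an encrypted one exists.
            keys = {p.split("=", 1)[0].strip().lower()
                    for p in (plain.text or "").split(";") if "=" in p}
            findings[name] = ("plaintext-credentials" if keys & SECRET_KEYS
                              else "plaintext")
        elif secure is not None and secure.find(XMLENC + "EncryptedData") is not None:
            findings[name] = "encrypted (%s)" % secure.get("provider", "unknown provider")
        else:
            findings[name] = "no connection string found"
    return findings


if __name__ == "__main__":
    # Audit the files named on the command line, or the sample if none are given.
    inputs = [Path(p).read_bytes() for p in sys.argv[1:]] or [SAMPLE]
    for data in inputs:
        for name, status in audit(data).items():
            print(f"{name}: {status}")
```

The report contains only the entry id and its status, so it can be logged without exposing the connection string itself.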