
asp.net security : another question about encrypting web.config sections
Keith G Hicks
4/5/2008 2:16:50 PM
I added a page to my site (in a secure folder that only my login has access
to) that lets me (and only me) encrypt or decrypt the web.config at will.
Ok, so far so good.

What I don't understand is that if a hacker can get to my web.config,
certainly he could probably get to my encrypt/decrypt page and run the
decrypt button. If I delete that page from the site, so what? Anyone who
knows this stuff could put a similar page up there.

I really don't see the point of all of this. It seems like locking your
front door but leaving the key on a nail near the door knob. I must be
missing something. Can anyone shed some light on this for me? It seems so
full of holes.

Thanks,

Keith

Dominick Baier
4/14/2008 6:37:06 AM
Well - there are two different threat models

- reading data on a machine
and
- executing code on that machine

the latter is obviously much harder.

The purpose of protected config is to protect you against threat #1.


-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)
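The two views in Dominick's threat model, side by side, as an added example (a hypothetical helper, not code from either poster). It assumes the site is hosted in IIS at virtual path "/MyApp", that the section being protected is connectionStrings, and that the machine-level DPAPI provider is used.

```csharp
using System;
using System.Configuration;
using System.IO;
using System.Web.Configuration;

// Hypothetical helper for the thread's scenario (added example).
public static class WebConfigProtection
{
    // DPAPI provider: the key is held in the machine's DPAPI store, so the
    // ciphertext is useless if the file is copied off the box, but any code
    // running on this machine (threat #2) can ask the framework to decrypt it.
    const string Provider = "DataProtectionConfigurationProvider";

    public static void Protect(string vpath, string sectionName)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(vpath);
        ConfigurationSection section = config.GetSection(sectionName);
        if (section == null)
            throw new ArgumentException("section not found: " + sectionName);
        if (!section.SectionInformation.IsProtected)
        {
            section.SectionInformation.ProtectSection(Provider);
            config.Save();
        }
    }

    public static void Unprotect(string vpath, string sectionName)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(vpath);
        ConfigurationSection section = config.GetSection(sectionName);
        if (section != null && section.SectionInformation.IsProtected)
        {
            section.SectionInformation.UnprotectSection();
            config.Save();
        }
    }

    // Threat #1 (read the file): someone with read access to web.config
    // sees an <EncryptedData> blob here, not the connection string.
    public static string RawFileText(string vpath)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(vpath);
        return File.ReadAllText(config.FilePath);
    }

    // Threat #2 (run code in the app): the framework decrypts transparently,
    // which is exactly why protected config does not defend against it.
    public static string ConnectionStringInApp(string vpath, string name)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(vpath);
        ConnectionStringSettings cs = config.ConnectionStrings.ConnectionStrings[name];
        return cs == null ? null : cs.ConnectionString;
    }
}
```

After Protect("/MyApp", "connectionStrings"), RawFileText returns ciphertext while ConnectionStringInApp still returns plaintext, which is the gap Keith noticed and the limit Dominick describes.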
