Should you encrypt data in the app.config and web.config under this situation?

I am developing an mvc 2 web application. My clients will most likely want a copy of my application to be hosted on their servers instead of me hosting it on my server for all clients.

However I see a problem with this because I was planning to use the .net 2.0 encryptor to encrypt my web.config to make it safer. I got to thinking well I am only going to give them my .dll and views and etc they're not going to get the solution of my file so they can load it up and have a look at what is going on.

So what happens if I encrypt the web.config and all of a sudden the database connect string changes? Let it be the address changes or the username/password changes.

How would they change it if it is encrypted? Would that mean I would have to rebuild my site and send them a new copy with the changes? Or is there a different way?

If there is no other way it got me thinking should I? What happens if something happens and for whatever reason I can't get the new changes to them until 48 hours later. That means they can't use the service for 48 hours.

I have no problem providing support but when it starts coming to little things that they probably should have control to change in the first place they probably should.

I would prefer to have it encrypted but at the same time if I have to make all changes to the web.config that is not good either, since it could open up different security concerns as they have to get the changes to me somehow.


If your only concern is encrypting the database connection strings, this article explains how you can remove sections of web.config to separate files, and then encrypt/decrypt those.

You identify the external files in configSource attributes. The web.config file would then look like this:

<?xml version="1.0"?>
<configuration xmlns="">
 <appSettings configSource="appSettings.config"/>
 <connectionStrings configSource="connections.config"/>
 <system.web>
  <compilation debug="true" />
  <authentication mode="Windows"/>
  <identity impersonate="true"/>
 </system.web>
</configuration>

Then you can deal with connections.config in one of the manners suggested by others here.

You could create an installer or management utility that they could run, pick a new server and database, and you store the chosen server/database into your config files in the encrypted format.

I would provide a configuration utility that allows them to change the connection settings. It could read the settings from your config file. Personally I would create a separate encrypted xml file for runtime configurable settings. You could even use an encryption method that encrypts it using the user's profile so that another user could not decrypt it by hacking your application.

Edit: I wouldn't use a command line util, because you need to be able to encrypt the user provided values at runtime. Just use the .NET Framework or a library like Bouncy Castle Crypto.

What prevents any joe schmoe hacker from decrypting your config file is the secrecy of the key you use to encrypt it. You could have the user provide a password for the file, which you generate a key from, but they have to provide the password when the program is going to run and needs to access the config file. There are key containers for the machine and the user that you can use to encrypt the file. The machine key will encrypt the file such that you can access the key in any context on the machine. Whatever you use, you have to think about the context of where the config file is going to be used because you need to have access to the key to decrypt the file.
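
A sketch of the kind of management utility the answers above describe, added here as an example and not taken from any of the posters: it lets the client's administrator change one connection string and leaves the connectionStrings section encrypted with the machine-scoped DPAPI provider. The program name SetConnString and the prompt text are hypothetical, and it assumes the utility runs on the server that hosts the site with write access to the config files.

```csharp
// Added example: hypothetical admin utility, not code from the original answers.
// Usage, on the server that hosts the site:
//   SetConnString.exe <path to web.config> <connection string name>
using System;
using System.Configuration;   // reference System.Configuration.dll

static class SetConnString
{
    // Built-in DPAPI provider; it uses the machine store unless configured otherwise.
    const string Provider = "DataProtectionConfigurationProvider";

    static int Main(string[] args)
    {
        if (args.Length != 2)
        {
            Console.Error.WriteLine("usage: SetConnString <web.config path> <name>");
            return 2;
        }

        // Prompt instead of taking the value as an argument, so the password
        // does not end up in shell history or the process list.
        Console.Write("New connection string for '{0}': ", args[1]);
        string value = Console.ReadLine();
        if (string.IsNullOrEmpty(value)) return 1;

        // Open web.config by physical path; no IIS metabase lookup is needed.
        var map = new ExeConfigurationFileMap { ExeConfigFilename = args[0] };
        Configuration config = ConfigurationManager.OpenMappedExeConfiguration(
            map, ConfigurationUserLevel.None);
        ConnectionStringsSection section = config.ConnectionStrings;

        // A protected section is decrypted transparently on read, provided
        // this process can reach the key that protected it.
        ConnectionStringSettings entry = section.ConnectionStrings[args[1]];
        if (entry == null)
            section.ConnectionStrings.Add(new ConnectionStringSettings(args[1], value));
        else
            entry.ConnectionString = value;

        // Encrypt on first use; an already protected section stays protected.
        if (!section.SectionInformation.IsProtected)
            section.SectionInformation.ProtectSection(Provider);

        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);

        // Report status only; never echo the connection string itself.
        Console.WriteLine("Saved. Section protected: {0}", section.SectionInformation.IsProtected);
        return 0;
    }
}
```

With the machine-scoped DPAPI provider the encrypted section can only be decrypted on the machine that encrypted it, so the utility has to be run again on each server the site is deployed to.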
