IIS Server Security, IIS and encryption

microsoft.public.inetserver.iis.security - About IIS Web Server Security Issues


IIS Server Security >> IIS and encryption

by janobermudes@microsoft.com » Fri, 29 Aug 2003 19:45:45 GMT

Hi,

Quick question. Is IIS capable of encrypting a database
connection string file to an Oracle database? I know this
is possible at the ASP level but want to avoid making
changes to an off the shelf web application.

I took this up with Oracle who advised that it was a
Microsoft Issue.

Thanks
Jano

Top

IIS Server Security >> IIS and encryption

by Keith W. McCammon » Fri, 29 Aug 2003 20:45:39 GMT


If you're talking about encrypting it as it traverses the network, it's
neither an Oracle nor an IIS issue, but something best handled by IPSec.

If you're talking about encrypting the file itself, use EFS.

If you want to encrypt the string within the file, use ASP (not sure how
effective this would be, however, as it would have to be decrypted to be
passed).

" XXXX@XXXXX.COM " < XXXX@XXXXX.COM > wrote in





Top
Similar Threads

1. IIS SSL Encryption handshake information 

We have a servlet that is served by Tomcat. IIS is employed to redirect ot 
Tomcat via AJP. IIS is also SSL enabled as our data is sensistive.

I am setting IIS to use SSL encryption on the default website. I have a 
redirector that forwards request to Tomcat

I wish to call a jsp in Tomcat and pass SSL encrypted data. BUT, to start 
the SSL handshake off, I am making a jsp request with the data I wish to be 
SSL encrypted.

My question is

If I call a jsp from a browser and pass it some parameters that need to be 
sent encrypted, do the parameters get SSL encrypted BEFORE they are sent, or 
are they sent clear text, then the SSL Handshake, then all other data sent 
is encrypted?

2. IIS SMTP TLS with 256 bit encryption on IIS 6

3. IIS SMTP TLS with 256 bit encryption on IIS 6 [repost] 

All,

Is there a way to make Windows 2003 IIS 6 support 256 bit TLS? As far as I
have read, IIS6 does not support it. I really need this up and running ASAP!
Do I need to use Apache to do this?

If there is a way for IIS 6, please follow up with info and links if
possible.

Thanks,

FastEddie

4. IIS: WWW: WAS dependencies on Vista: Password encryption not working

5. encryption strength of SSL certificate for IIS 

I have a CA server installed and on installation I 
selected "Microsoft Enhanced Cryptographic Provider" for 
CSP and a key length of 4096.

Now when I requested a Server Certificate for my IIS 
Server, the first time I just left the defaults 
of "Microsoft Base Cryptographic Provider" and a key 
length of 512. Then I installed the certificate and 
configured IIS to use it.

Now when I visit my webpage the lock icon shows at the 
bottom of my browser and when I hold my mouse over it, it 
says that I have SSL 128-bit.

-------

So to see if I could increase the SSL encryption I 
requested, installed and setup IIS to use a different 
Server Certificate which used the "Microsoft Enhanced 
Cryptographic Provider" and a key length of 2048.

Now when I visit my webpage it shows that I still am using 
SSL 128-bit encryption



I am confused. I thought that by selecting a the enhanced 
CSP and greater key length that this would increase my 
encryption.
Could someone please clarify ??

Thanks

6. Sending ASP email with SSL encryption - Asp.Net

7. ActiveX Encryption 

I have read many postings with developers asking about file
encryption, hashing, string encryption, etc.  I found an ActiveX
component that is only 25 bucks that I use.  It has worked very well
for me.  I only write about 4 lines of code and get encryption
algorithms like (MD2, MD4, MD5, SHA, SHA1).  I have not had any
problems yet with it.  Just thought I'de let you all know.

Gary

8. Photo Encryption