2

I'm currently trying to decide the merits of encrypting the web.config for a Web Role deployed to Azure. The answer to this question seems highlights the importance of knowing who can access the instance:

Shall the DB ConnectionString within Web.config be encrypted when using Azure Cloud?

However, I was under the impression no-one could access a Web Role instance in a way that would allow them to read the web.config.

So my question is this: Is it possible to get the web.config from a deployed Web Role?

For example: Is there an option in the Azure Portal I haven't seen? Would it be possible to access via another deployment?

Community
  • 1
  • 1
Stu Pegg
  • 1,287
  • 2
  • 14
  • 41

2 Answers2

4

First of all, having web.config contents unencrypted means anyone who can access the service package can access the web.config contents - and that can be more people than you want. For example, if you have an automatic build anyone in your company who sees the build results will see that data. You decide whether that's acceptable.

Next, don't forget that there're vulnerabilities in software. It might happen that at some point a vulnerability is found in IIS that allows for easy download of web.config.

Next, if you ever happen to have customErrors turned off and you have something misconfigured in web.config it might happen that whoever does an HTTP request to your web role will see an error message from IIS saying that this and that is misconfigured in web.config and showing part of web.config where the misconfiguration happened. That might happen to expose your secret - here's an example of similar exposure. Not very probable, but technically possible.

Finally, with all respect to all cloud providers you don't really control how data is being handled at datacenters. They might throw away an undestroyed disk or some employee may be corrupt and your service package may leak. Not very probable, but technically possible. If you ask questions like this one (and that's a very good question to ask) you should account for this risk too.

So as usual there's no absolute security. All you can is just raise the bar. Storing connection string in encrypted form properly certainly raises the bar.

You might also be interested in answers to this related question.

Community
  • 1
  • 1
sharptooth
  • 167,383
  • 100
  • 513
  • 979
0

In addition to @sharptooth's general points about web application and cloud security, it is also possible to directly connect to Azure Web/Worker roles if you have previously configured them to do so:

MSDN: Using Remote Desktop with Windows Azure Roles

The configuration can be changed from the Azure Management Console. So if you've got the RDC references imported in your service definition (for example if you've connected via RDC in the past) then the role can always be reconfigured to allow RDC access to its instances (even if the original RDC account has expired).

Here is a reference to the service definition and configuration sections I refer to: MDSN: How to Define and Configure a Remote Desktop Connection

Stu Pegg
  • 1,287
  • 2
  • 14
  • 41