I'm installing/setting up BE.NET 2.0 RC and I have some questions about how to secure my blog before I upload it to my hosting provider. I'm using SQL Server 2008 R2 to store my data. So, here are my questions.
- Web.config: How to I encrypt web.config to protect my connectionString (the SQL account and pwd are stored as clear text)?
- Email: I see that dbo.be_Settings table stores the Settings\Email settings as clear text (including my account and pwd). Since this is stored in the database, I assume that this data is safe if I can encrypt web.config. Howerever,
how do protect the email login information in transmission to my email server? I see the <label for="ctl00_cphAdmin_cbEnableSsl">Enable SSL option, but no details on how to configure this option.</label>
- Users: I see my users storted in dbo.be_Users and the password is hashed. Again, I assume that this data is protected in my database if I encrypt web.config to protect my connectionString. But, how do I protect the login information when I log
into BE.NET from the login.aspx page? There doesn't seem to be a SSL option.
- XML Data: I noticed that even though I am using SQL Server to store my data, there are still files in the App_Data, like the users.xml file (which has the default admin defined). What can I do to get rid of this data I'm not using (delete files when
the data is stored in SQL, remove XmlBlogProvider if not really needed, etc.)?
- Windows Live Writer/MetaWeblog API: Again, I don't want my account information going over the wire as clear text. I see the option to <label for="ctl00_cphAdmin_cbRequireSslForMetaWeblogApi">Require SSL for MetaWeblog API, but no details
on how to set it up. What can I do to protect my login info when using WLW?</label>
Thanks in advance.