In the old, old 7.0 there was no option to decrypt the database.config file so you could see/edit the database connection information. I remember there was a manual way to do it, but I can't find it now.
Anyone remember/know how to do that?
How to decrypt the database.config file?
How to decrypt the database.config file?
Joe Payne
AbleCommerce Custom Programming and Modules http://www.AbleMods.com/
AbleCommerce Hosting http://www.AbleModsHosting.com/
Precise Fishing and Hunting Time Tables http://www.Solunar.com
AbleCommerce Custom Programming and Modules http://www.AbleMods.com/
AbleCommerce Hosting http://www.AbleModsHosting.com/
Precise Fishing and Hunting Time Tables http://www.Solunar.com
-
Logan Rhodehamel
- Developer
- Posts: 4116
- Joined: Wed Dec 10, 2003 5:26 pm
Re: How to decrypt the database.config file?
This will probably get you there... it's an asp.net standard encryption not anything we did ourselves. http://diablopup.blogspot.com/2007/04/a ... onfig.html
Cheers,
Logan
.com
If I do not respond to an unsolicited private message, it's not because I'm ignoring you. It's because the answer to your question is valuable to others. Try the new topic button.
Logan
.comIf I do not respond to an unsolicited private message, it's not because I'm ignoring you. It's because the answer to your question is valuable to others. Try the new topic button.
Re: How to decrypt the database.config file?
I don't think that's going to work if the encrypted file was downloaded from a shared hosting environment, correct?
Joe Payne
AbleCommerce Custom Programming and Modules http://www.AbleMods.com/
AbleCommerce Hosting http://www.AbleModsHosting.com/
Precise Fishing and Hunting Time Tables http://www.Solunar.com
AbleCommerce Custom Programming and Modules http://www.AbleMods.com/
AbleCommerce Hosting http://www.AbleModsHosting.com/
Precise Fishing and Hunting Time Tables http://www.Solunar.com
Re: How to decrypt the database.config file?
I found an interesting backdoor in situations where the database string is encrypted and you're in a shared hosting environment.
Upload the Connection.aspx page and code-behind file from a 7.0.3 install into the ~/Admin/Store/Security/ folder.
Then modify the web.config file in the ~/Admin/Store/Security/ folder to include "Admin" as an allowed role. Just change Allow Roles="System" to Allow Roles="System,Admin" .
Now log into the site admin and hit the URL directly http://<mysite.com>/admin/store/security/connection.aspx
The page should load and will show you the fully unecrypted database connection string
This backdoor isn't meant for changing the string - I have no idea if the 7.0.3 code will work in that 7.0 environment. But at least now you can record your SQL db security info for future reference.
Upload the Connection.aspx page and code-behind file from a 7.0.3 install into the ~/Admin/Store/Security/ folder.
Then modify the web.config file in the ~/Admin/Store/Security/ folder to include "Admin" as an allowed role. Just change Allow Roles="System" to Allow Roles="System,Admin" .
Now log into the site admin and hit the URL directly http://<mysite.com>/admin/store/security/connection.aspx
The page should load and will show you the fully unecrypted database connection string
This backdoor isn't meant for changing the string - I have no idea if the 7.0.3 code will work in that 7.0 environment. But at least now you can record your SQL db security info for future reference.
Joe Payne
AbleCommerce Custom Programming and Modules http://www.AbleMods.com/
AbleCommerce Hosting http://www.AbleModsHosting.com/
Precise Fishing and Hunting Time Tables http://www.Solunar.com
AbleCommerce Custom Programming and Modules http://www.AbleMods.com/
AbleCommerce Hosting http://www.AbleModsHosting.com/
Precise Fishing and Hunting Time Tables http://www.Solunar.com