I want to encrypt my web.config file to hide some sensitive data like passwords with aspnet_regiis.
Encryption is done with this code in the command prompt:
C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe -pef "appSettings" C:\inetpub\wwwroot\testweb
And I can decrypt it with this code (-pef changed to -pdf):
C:\Windows\Microsoft.NET\Framework64\v4.0.30319>aspnet_regiis.exe -pdf "appSettings" C:\inetpub\wwwroot\testweb
So my question is: Why should I even encrypt the file when it's so easy for anyone to decrypt it with the above command? There is no "key" needed to encrypt/decrypt.
Or am I missing something?
Some hackers may steal the web.config but cannot access cmd.exe.
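
A copied web.config that was protected with -pef holds only an EncryptedData element in that section, while the key material stays on the server. The PowerShell check below is an added example, not part of the original posts: it reports which sections of a web.config are still plaintext. The function name Get-ConfigSectionProtection and the simplified sample file are constructed for illustration.

```powershell
# Added example. The sample web.config is constructed and simplified;
# the CipherValue is a placeholder, not real ciphertext.
[xml]$sample = @'
<configuration>
  <appSettings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData Type="http://www.w3.org/2001/04/xmlenc#Element"
                   xmlns="http://www.w3.org/2001/04/xmlenc#">
      <CipherData><CipherValue>CONSTRUCTED-PLACEHOLDER</CipherValue></CipherData>
    </EncryptedData>
  </appSettings>
  <connectionStrings>
    <add name="Db" connectionString="Server=db;User Id=app;Password=example" />
  </connectionStrings>
</configuration>
'@

# Hypothetical helper: classify each section as Encrypted, Plaintext or Missing.
function Get-ConfigSectionProtection {
    param(
        [Parameter(Mandatory)] [xml] $Config,
        [string[]] $Sections = @('appSettings', 'connectionStrings')
    )
    foreach ($name in $Sections) {
        # local-name() keeps the lookup working if the root declares a namespace.
        $xpath = "/*[local-name()='configuration']/*[local-name()='$name']"
        $node  = $Config.SelectSingleNode($xpath)
        if ($null -eq $node) {
            [pscustomobject]@{ Section = $name; State = 'Missing'; Provider = '' }
            continue
        }
        # A protected section carries the provider attribute and an
        # EncryptedData child (XML Encryption namespace) instead of its settings.
        $provider  = $node.GetAttribute('configProtectionProvider')
        $encrypted = $node.SelectSingleNode("*[local-name()='EncryptedData']")
        $state = if ($provider -and $encrypted) { 'Encrypted' } else { 'Plaintext' }
        [pscustomobject]@{ Section = $name; State = $state; Provider = $provider }
    }
}

Get-ConfigSectionProtection -Config $sample | Format-Table -AutoSize
```

To check a real file, load it with `[xml](Get-Content -Raw <path to web.config>)` and pass the result as `-Config`.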