encrypt connectionstring appsettings

1 month ago
Hello,

We come from .NET Framework, where this was in web.config and you could simply use IIS to encrypt this setting.

I cannot find any info on how one does this in nopCommerce now that the connection is in the appsettings.

We need to find a way to do this and hopefully not by changing core code.

Also, the connection string is readable from the backoffice by an admin user, and this is not how we would like it. But maybe encrypting can be a good start.

Thanks
1 month ago
You can restrict access to app settings using the Access Control List.
See Admin area. Manage App Setting.
So create two levels of Admin user:
Basic Admin and SuperAdmin.
Only provide SuperAdmin with access to
- Admin area. Manage App Setting
and
- Admin area. Manage ACL
1 month ago
Also moved manage users to this super role so the admin user cannot give itself the superuser role.

And the encryption of the connection string? Any thoughts?
1 month ago
Encryption of the connection string is not supported out of the box.
There's an old GitHub issue about it, but they "decided not to implement it out of the box."

https://github.com/nopSolutions/nopCommerce/issues/2589