 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
.NET Forum / ASP.NET / Security / November 2003How secure are appsettings in web.config?
Just wondering how safe it is to include sensitive information such as a database connection string in web.config. In theory, very safe, as the config file is tied to the ASP.NET runtime. In reality, who knows? Hackers are going to look for this type of information and it is open text (in the 1.0/1.1 framework, at least). I would encrypt; there are some good articles on MSDN for using the machine key to encrypt secrets. In fact, the http://msdn.microsoft.com/architecture site has a treasure trove of books on a variety of topics.  SignatureGregory A. Beamer MVP; MCP: +I, SE, SD, DBA ********************************************************************** Think Outside the Box! ********************************************************************** > Just wondering how safe it is to include sensitive information such as a > database connection string in web.config. Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.