Best practice

Discussion in 'ASP .Net Security' started by 7777, Sep 2, 2009.

  1. 7777

    7777 Guest

    Sorry am under time constraint. What is the best practice in placing
    asp.net published app files on the webserver, like in it's wwwroot or above
    it and should the web.config or all pertaining files be encrypted as in will
    these be secure from any web user from getting to it? Thanks in advance.
    7777, Sep 2, 2009
    #1
    1. Advertising

  2. On Sep 2, 8:17 pm, "7777" <> wrote:
    > Sorry am under time constraint.  What is the best practice in placing
    > asp.net published app files on the webserver, like in it's wwwroot or above
    > it and should the web.config or all pertaining files be encrypted as in will
    > these be secure from any web user from getting to it?  Thanks in advance.


    The web.config is not accessible via a browser. The dotnet framework
    protected this file, if you will try to open it, you will get "This
    type of page is not served". If you want to protect sensitive
    information, like connection strings, from other users who has access
    to the server you can encrypt by using aspnet_regiis tool. An
    application can stay in wwwroot, I don't see any problem with this
    directory.
    Alexey Smirnov, Sep 4, 2009
    #2
    1. Advertising

  3. 7777

    7777 Guest

    Thanks a bunch Alexey, much appreciated. Will look into it. Cheers :)


    "Alexey Smirnov" <> wrote in message
    news:...
    On Sep 2, 8:17 pm, "7777" <> wrote:
    > Sorry am under time constraint. What is the best practice in placing
    > asp.net published app files on the webserver, like in it's wwwroot or
    > above
    > it and should the web.config or all pertaining files be encrypted as in
    > will
    > these be secure from any web user from getting to it? Thanks in advance.


    The web.config is not accessible via a browser. The dotnet framework
    protected this file, if you will try to open it, you will get "This
    type of page is not served". If you want to protect sensitive
    information, like connection strings, from other users who has access
    to the server you can encrypt by using aspnet_regiis tool. An
    application can stay in wwwroot, I don't see any problem with this
    directory.
    7777, Sep 4, 2009
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Robert Rossney
    Replies:
    0
    Views:
    547
    Robert Rossney
    Feb 7, 2006
  2. Bryan Ax
    Replies:
    0
    Views:
    605
    Bryan Ax
    Jun 26, 2003
  3. Mako
    Replies:
    2
    Views:
    348
  4. Mark
    Replies:
    1
    Views:
    422
    Natty Gur
    Jul 28, 2003
  5. oldyork90
    Replies:
    1
    Views:
    154
    Jeremy J Starcher
    Sep 10, 2008
Loading...

Share This Page