Database username and password in web.config

J.S.

Is it safe to have the database username and password in the web.config
file?

Thanks,
J.S.

--
 
Guest

Hi JS,

.config will not be served to the client by ASP.NET by default. So your
application users won't be able to access them off the browser.

If a person has a login, access to the application's web server and enough
privileges on the folder, he could access the web.config files. If you want
to prevent this too, you have different options. These links might help.
Using DPAPI:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT08.asp

Using Registry:
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT11.asp

You could also just encrypt the string and store it in .config.
 
Marcel van eijkel ( www.vaneijkel.com )

What do you mean with safe: safe from who?

If you mean safe from anonymous web visitors: yes.
If you mean safe from administrator: no.
If you mean safe from hackers who managed to get access to your
webserver: without encryption: no...

Perhaps you can tell more?

Marcel van eijkel
( www.vaneijkel.com )
 
J.S.

Hi Marcel,

I think I did not frame my question well. What I would like to know is:
what is the best way to store database connection information (i.e. SQL
server address, username, password, database name) in ASP.Net 2.0?

Thanks,
J.S.
 
J.S.

Hi Rakesh,

Thanks for your response. I know .config files do not get served by ASP.Net
but I don't know what the best method to store connection information is. I
was planning to encrypt the string and store it in the .config file, as you
have suggested, but I wanted to know what more experienced users such as
yourself consider to be the best way to store this information where a) one
has full access to the web server and b) where one is on shared hosting.

I'll check out the links you have mentioned for using DPAPI and the
Registry.

Thanks,
J.S.
 
jasonkester

With shared hosting, you're basically limited to compiling your
connection information into the .dll or using .config files. Neither
one works particularly well if you want to be able to deploy to
multiple environments with multiple database servers. In your case,
web.config seems fine.

Jason Kester
Expat Software Consulting Services
http://www.expatsoftware.com/
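
Added example, not part of any post in this thread: the "encrypt the string and store it in .config" option raised above, done with ASP.NET 2.0's protected configuration API, which can be called from application code on shared hosting where command-line tools are unavailable. The class and method names (`ConfigProtector`, `ProtectConnectionStrings`, `GetConnectionString`) are assumptions for illustration; the provider name is the DPAPI provider registered by default in machine.config.

```csharp
using System.Configuration;
using System.Web.Configuration;
using System.Web.Hosting;

// Hypothetical helper; the names are assumptions, not from the thread.
public static class ConfigProtector
{
    // DPAPI-based provider registered by default in machine.config.
    private const string Provider = "DataProtectionConfigurationProvider";

    // Encrypts <connectionStrings> in the application's root web.config.
    // Returns true if the file was rewritten, false if already encrypted.
    // The application identity needs write access to web.config for Save().
    public static bool ProtectConnectionStrings()
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(
            HostingEnvironment.ApplicationVirtualPath);
        ConfigurationSection section = config.GetSection("connectionStrings");

        if (section == null || section.SectionInformation.IsLocked)
            throw new ConfigurationErrorsException(
                "connectionStrings section is missing or locked by a parent config.");

        if (section.SectionInformation.IsProtected)
            return false; // nothing to do

        section.SectionInformation.ProtectSection(Provider);
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    // Reading code does not change: the runtime decrypts the section
    // transparently when the application asks for a connection string.
    public static string GetConnectionString(string name)
    {
        ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings[name];
        if (settings == null)
            throw new ConfigurationErrorsException(
                "No connection string named '" + name + "'.");
        return settings.ConnectionString;
    }
}
```

The encrypted section is tied to the server it was encrypted on, so it has to be re-encrypted after deploying to a different machine. It protects against disclosure of the file itself, not against someone who can run code as the application on that server.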
 
