How secure are appsettings in web.config?

Discussion in 'ASP .Net Security' started by Tim Wood, Nov 25, 2003.

  1. Tim Wood

    Tim Wood Guest

    Just wondering how safe it is to include sensitive information such as a
    database connection string in web.config.
     
    Tim Wood, Nov 25, 2003
    #1
    1. Advertising

  2. In theory, very safe, as the config file is tied to the ASP.NET runtime. In
    reality, who knows? Hackers are going to look for this type of information
    and it is open text (in the 1.0/1.1 framework, at least). I would encrypt;
    there are some good articles on MSDN for using the machine key to encrypt
    secrets. In fact, the http://msdn.microsoft.com/architecture site has a
    treasure trove of books on a variety of topics.

    --
    Gregory A. Beamer
    MVP; MCP: +I, SE, SD, DBA

    **********************************************************************
    Think Outside the Box!
    **********************************************************************
    "Tim Wood" <> wrote in message
    news:u3g$...
    > Just wondering how safe it is to include sensitive information such as a
    > database connection string in web.config.
    >
    >
     
    Cowboy \(Gregory A. Beamer\), Nov 25, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Marina
    Replies:
    2
    Views:
    2,816
  2. Jason Shohet
    Replies:
    5
    Views:
    3,477
    Jason Shohet
    Dec 23, 2003
  3. Eric Sabine

    appSettings key in web.config causes error

    Eric Sabine, Jul 28, 2004, in forum: ASP .Net
    Replies:
    5
    Views:
    4,842
    Jim Cheshire [MSFT]
    Jul 28, 2004
  4. =?Utf-8?B?Um9iZXJ0IFBmZWZmZXI=?=

    appsettings in web.config hangs aspnet_wp

    =?Utf-8?B?Um9iZXJ0IFBmZWZmZXI=?=, Jan 17, 2005, in forum: ASP .Net
    Replies:
    4
    Views:
    2,308
    Steven Cheng[MSFT]
    Jan 19, 2005
  5. Jeff Robichaud

    <appSettings> in another file (not web.config)

    Jeff Robichaud, Feb 4, 2005, in forum: ASP .Net
    Replies:
    3
    Views:
    5,287
    DalePres
    Feb 5, 2005
Loading...

Share This Page