How secure are appsettings in web.config?

T

Tim Wood

Just wondering how safe it is to include sensitive information such as a
database connection string in web.config.
 
C

Cowboy \(Gregory A. Beamer\)

In theory, very safe, as the config file is tied to the ASP.NET runtime. In
reality, who knows? Hackers are going to look for this type of information
and it is open text (in the 1.0/1.1 framework, at least). I would encrypt;
there are some good articles on MSDN for using the machine key to encrypt
secrets. In fact, the http://msdn.microsoft.com/architecture site has a
treasure trove of books on a variety of topics.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

**********************************************************************
Think Outside the Box!
**********************************************************************
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Securing web.config appSettings - *** warning - long post *** 0
How to retrive payment result value after secure paytabs payment done in PayTabs payment gateway in asp.net 0
Multi-lined appsettings value in web config 11
Web.Config and appSettings tag 1
Connected SQLite to my java program but information are not submitted 2
web.config appSettings Store value with & character 1
Who are low code solutions designed for? 1
Challenge question in c 1

Members online

Total: 35 (members: 2, guests: 33)
Robots: 433

Forum statistics

Threads
473,755
Messages
2,569,536
Members
45,014
Latest member
BiancaFix3

Latest Threads

Top