How secure are appsettings in web.config?

T

Tim Wood

Just wondering how safe it is to include sensitive information such as a
database connection string in web.config.
 
C

Cowboy \(Gregory A. Beamer\)

In theory, very safe, as the config file is tied to the ASP.NET runtime. In
reality, who knows? Hackers are going to look for this type of information
and it is open text (in the 1.0/1.1 framework, at least). I would encrypt;
there are some good articles on MSDN for using the machine key to encrypt
secrets. In fact, the http://msdn.microsoft.com/architecture site has a
treasure trove of books on a variety of topics.

--
Gregory A. Beamer
MVP; MCP: +I, SE, SD, DBA

**********************************************************************
Think Outside the Box!
**********************************************************************
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Secure solution to backup IMAP to PST format in 2024 6
Secure Keyboard v2.0 Modern C++ Virtual Keyboard for Windows (Glassmorphism UI, Clipboard Auto-Clear) 0
Securing web.config appSettings - *** warning - long post *** 0
How to retrive payment result value after secure paytabs payment done in PayTabs payment gateway in asp.net 0
Multi-lined appsettings value in web config 11
Telethon Authorization. All sessions are reset after authorization 0
What risks of data corruption are reduced by divide large size PST files? 0
Introducing SecureScreenOverlay v2.1: An Open-Source Solution for Enhanced Screen Capture Protection on Windows 0

Members online

No members online now.
Total: 171 (members: 1, guests: 170)
Robots: 271

Forum statistics

Threads
474,432
Messages
2,571,682
Members
48,796
Latest member
Greg L.

Latest Threads

Top