web.config security


7

7777

Hello, other than a db connection string being in the 'web.config' file, are
there any other configuration settings within this file to be cautious as a
security risk? Thanks in advance.
 
Ad

Advertisements

C

Coskun Sunali [MVP]

Hi 7777,

Normally the answer is NO. However, it all depends on the developers. You
can store very critical information using appSettings, etc. No one can
guarantee you that there cannot be any other critical information inside
web.config. Smtp settings might also be considered as critical if you set
any kind of SMTP authentication criteria within the web.config file.
 
7

7777

Thanks for your reply Coskun much appreciated. So sorry for the delay as
much going on. Have another question in that what is the best security
practice for asp.net apps which includes it's web.config file in that is it
ok to place all of these app's files in the
'c:\Inetpub\wwwroot\ASPNET_TestApplicationFolder\' location as an
example?...or is it better to place the folder and files elsewhere?...should
it be encrypted?
 
Ad

Advertisements

G

Guest

Thanks for your reply Coskun much appreciated.  So sorry for the delay as
much going on.  Have another question in that what is the best security
practice for asp.net apps which includes it's web.config file in that is it
ok to place all of these app's files in the
'c:\Inetpub\wwwroot\ASPNET_TestApplicationFolder\' location as an
example?...or is it better to place the folder and files elsewhere?...should
it be encrypted?








- Show quoted text -

How do you want to encrypt the entire folder? A proper Windows
security must be applied to the folder where the website located. Look
for "iis security" on Microsoft's site. There are many articles about
this topic.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Top