Re: Looking for ASP.NET/SQL Server 2000 App Security Recommendations
From: Peter O'Reilly (Peter_OReilly@timeinc.com**no_spam**)
Date: 09/18/02
- Next message: george d lake: "Re: javascript code"
- Previous message: Kelvin: "Avoid multiple user login"
- In reply to: Kenneth Courville: "Looking for ASP.NET/SQL Server 2000 App Security Recommendations"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "Peter O'Reilly" <Peter_OReilly@timeinc.com**no_spam**> Date: Wed, 18 Sep 2002 15:49:47 -0400
I guess the main question that I'm trying to answer is how should the
connection string information be stored for and accessed by the
application? I know that I don't want to hard code this information.
One possibility is to store the connection string in an encrypted format within the web.config file like this...
<configuration>
<appsettings>
<add key="DBconnect" value="<my connection string info goes here >"
</appsettings>
</configuration>
In the connection string, set the Persist Security Info named value to false, so it will hide security sensitive info, like password from being exposed in connection string property of the SqlConnection object.
For retrieval...
using System.Configuration;
private string getDBconnectString() {
return ConfigurationSettings.AppSettings["DBconnect"];
}
I suppose and less preferred - the registry or a separate text/binary file could be used as well.
Hope this helps.
-- Peter O'Reilly
- Next message: george d lake: "Re: javascript code"
- Previous message: Kelvin: "Avoid multiple user login"
- In reply to: Kenneth Courville: "Looking for ASP.NET/SQL Server 2000 App Security Recommendations"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
