Re: How secure are appsettings in web.config?
From: Cowboy \(Gregory A. Beamer\) (NoSpamMgbworld_at_comcast.netNoSpamM)
Date: 11/25/03
- Next message: Brad: "Re: Forms Authentication: login page in a separate web app"
- Previous message: Jim Cheshire [MSFT]: "Re: Forms Authentication: login page in a separate web app"
- In reply to: Tim Wood: "How secure are appsettings in web.config?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 25 Nov 2003 09:54:46 -0600
In theory, very safe, as the config file is tied to the ASP.NET runtime. In
reality, who knows? Hackers are going to look for this type of information
and it is open text (in the 1.0/1.1 framework, at least). I would encrypt;
there are some good articles on MSDN for using the machine key to encrypt
secrets. In fact, the http://msdn.microsoft.com/architecture site has a
treasure trove of books on a variety of topics.
-- Gregory A. Beamer MVP; MCP: +I, SE, SD, DBA ********************************************************************** Think Outside the Box! ********************************************************************** "Tim Wood" <tww@nomail.com> wrote in message news:u3g$sB2sDHA.2380@TK2MSFTNGP09.phx.gbl... > Just wondering how safe it is to include sensitive information such as a > database connection string in web.config. > >
- Next message: Brad: "Re: Forms Authentication: login page in a separate web app"
- Previous message: Jim Cheshire [MSFT]: "Re: Forms Authentication: login page in a separate web app"
- In reply to: Tim Wood: "How secure are appsettings in web.config?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
