Re: Best practice
- From: "7777" <NoSpam@xxxxxxxxxx>
- Date: Fri, 4 Sep 2009 13:15:04 -0700
Thanks a bunch Alexey, much appreciated. Will look into it. Cheers :-)
"Alexey Smirnov" <alexey.smirnov@xxxxxxxxx> wrote in message
news:fffce8de-9a51-4e9d-bfac-ee4a97aed194@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Sep 2, 8:17 pm, "7777" <NoS...@xxxxxxxxxx> wrote:
Sorry am under time constraint. What is the best practice in placing
asp.net published app files on the webserver, like in it's wwwroot or
above
it and should the web.config or all pertaining files be encrypted as in
will
these be secure from any web user from getting to it? Thanks in advance.
The web.config is not accessible via a browser. The dotnet framework
protected this file, if you will try to open it, you will get "This
type of page is not served". If you want to protect sensitive
information, like connection strings, from other users who has access
to the server you can encrypt by using aspnet_regiis tool. An
application can stay in wwwroot, I don't see any problem with this
directory.
.
- References:
- Best practice
- From: 7777
- Re: Best practice
- From: Alexey Smirnov
- Best practice
- Prev by Date: Re: web.config security
- Next by Date: Windows Authentication to SQL Server?
- Previous by thread: Re: Best practice
- Next by thread: Windows Authentication to SQL Server?
- Index(es):
