i thinking security of web config file in asp.net application, point of view web config file contains connection string applications database, , security important.
in asp.net application, connection string may retrieved web config file using:
configurationmanager.connectionstrings["connectionstring"] assuming new key connection string, able somehow send request server , response, or there sort of security prevent happening.
if able so, how , done prevent eg encrypting connection string?
edit: not duplicate of question encrypting connection string in web.config question asking if possible trick server giving information out, , if how can prevent it. named question asking how encrypt data, related not same
asp.net never serve out web.config file (or other .config file) via http, answer no, should not worry that.
if still worried contents of web.config file being somehow exposed, have encrypting file.
regarding connection strings in particular, use integrated security, way, don't have expose db user/pass in connection string.
https://msdn.microsoft.com/en-us/library/bsz5788z%28v=vs.140%29.aspx
Comments
Post a Comment