Redacting ASP.net web.config File Contents

Other than database connection strings, by default are there any sensitive values popula开发者_开发百科ted in web.config by Visual Studio 2008? What are PublicKeyToken values are these sensitive values? Would it be bad security practice to publish web.config files with connection strings redacted?

PublicKeyToken are not sensitive.

As to redacting connection strings, who are you afraid of? Who's going to get hold of your web.config?

Public key tokens are used in association with private key tokens to sign .NET assemblies. The public key tokens are not sensitive. As for connection strings, it is common practice to encrypt the connection string and keep them in the web.config.