Security and Global variable
Is there any security risks to using a global variable (single开发者_开发问答ton) initialized in the global.asax file. I plan on storing app settings like connection strings in there.
Thanks
As long as you don't expose it with any interface there is no security risk in having anything in memory as far as I know. However, consider using ConfigurationManager for the purpose of accessing and managing the configuration ;)
No, not in itself. The global.asa
file is protected by IIS, so that you can for example not browse to it to try to get it to reveal any information.
The only risk is if you have code anywhere that reads from the variable and does something like put it on a page or store it in a cookie.
If this is for ASP.NET, it the global.asax
file that you use instead. You can also use the web.config
file to store some information, then it's editable without having to recompile the application.
精彩评论