开发者

Security and Global variable

Is there any security risks to using a global variable (single开发者_开发问答ton) initialized in the global.asax file. I plan on storing app settings like connection strings in there.

Thanks


As long as you don't expose it with any interface there is no security risk in having anything in memory as far as I know. However, consider using ConfigurationManager for the purpose of accessing and managing the configuration ;)


No, not in itself. The global.asa file is protected by IIS, so that you can for example not browse to it to try to get it to reveal any information.

The only risk is if you have code anywhere that reads from the variable and does something like put it on a page or store it in a cookie.

If this is for ASP.NET, it the global.asax file that you use instead. You can also use the web.config file to store some information, then it's editable without having to recompile the application.

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜