Asp.net web application tool - application settings. SQL credentials?
Just wandering if its a good idea to put开发者_StackOverflow社区 username and password in the application settings?
If not where is the best place to store these?
--Jonesy
Since web.config is a protected file there will be no direct access to it. You will probably be fine storing your connection credentials there.
However - You can go a bit further and encrypt the appSettings in your web.config
Walkthrough: Encrypting Configuration Information Using Protected Configuration
Configuration files will be an ideal place for keeping the details about the database credential.But if you are worried about its security as its stored in plain text , then in asp.net you can encrypt a particular section of your webconfig file.Encyption can be done either by making use of aspnet_regiis.exe utility by providing relevant command line arguments.Otherwise encryption can also be done through code with the help of "WebConfigurationManager" class.Also You don’t need to unprotect a section in order to read the configuration settings in that section, the runtime will perform the decryption necessary for your application to read the plain text values.
E.g :- aspnet_regiis.exe
C:\>aspnet_regiis -pdf "connectionStrings" "C:\Projects\My Site"
here pdf argument is used to specify file path.
E.g :- Using WebConfigurationManager
protected void toggleEncryption(object sender, EventArgs e)
{
Configuration config;
config = WebConfigurationManager.OpenWebConfiguration("~");
ConnectionStringsSection section;
section = config.GetSection("connectionStrings")
as ConnectionStringsSection;
if (section.SectionInformation.IsProtected)
{
section.SectionInformation.UnprotectSection();
}
else
{
section.SectionInformation.ProtectSection(
"DataProtectionConfigurationProvider");
}
config.Save();
WriteMessage("connections protected = " +
section.SectionInformation.IsProtected);
}
精彩评论