开发者

Server-side application configuration security. Best practices

We publish server-side application to our customer workstation and customer's security guys are concerned about configuration connection strings safety.

Connection strings are stored as plain text right now, but as configuration file is not in the public/shared folder we supposed that workstation security itself is enough.

What are the ways to improve connection strings security further?

It is a big step forward to encrypt password and keep a decryption key on the same workstation? What are the steps we can take to keep connection strings (and alike开发者_C百科) information more and more securable?

Thank you in advance!


First of all, why do you need to protect connection strings? If you store there user credentials then may be it is better to use "Integrated Security" (if possible)..? In addition you could restrict user rights on database level.

But if you're sure that you really need to encrypt something in config then check this

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜