How secure are appsettings in web.config?

Ask a Question related to ASP.NET Security, Design and Development.

  1. Tim Wood #1

    Default How secure are appsettings in web.config?

    Just wondering how safe it is to include sensitive information such as a
    database connection string in web.config.


    Tim Wood Guest
    Reply With Quote Reply With Quote

    2. Similar Questions and Discussions

    1. Web.Config and appSettings tag
      I am storing a database connection string in a key/value pair in the appSettings tag of the web.config file as follows: <appSettings> <add...
    2. How: Ampersand in AppSettings value??
      I am wondering how i can put an ampersand character into the value attribute of a key in the appSettings section of my web.config file. If i try to...
    3. Intermittent problem reading appSettings in Web.Config
      Are you positive this is a web config issue? You yourself say you don't know what is being returned. When you resave web.config, this restarts...
    4. appSettings problem!
      Hello! I have one problem with the appSettings on win2k srv machine with framework 1.1. Following line not work anymore (it worked fine with...
    5. ConfigurationSettings.AppSettings Error
      Hello Chris, When you are experiencing this problem? What are you including in the AppSettings Config file. Are you using long string? What...
  2. Cowboy \(Gregory A. Beamer\) #2

    Default Re: How secure are appsettings in web.config?

    In theory, very safe, as the config file is tied to the ASP.NET runtime. In
    reality, who knows? Hackers are going to look for this type of information
    and it is open text (in the 1.0/1.1 framework, at least). I would encrypt;
    there are some good articles on MSDN for using the machine key to encrypt
    secrets. In fact, the [url]http://msdn.microsoft.com/architecture[/url] site has a
    treasure trove of books on a variety of topics.

    --
    Gregory A. Beamer
    MVP; MCP: +I, SE, SD, DBA

    ************************************************** ********************
    Think Outside the Box!
    ************************************************** ********************
    "Tim Wood" <tww@nomail.com> wrote in message
    news:u3g$sB2sDHA.2380@TK2MSFTNGP09.phx.gbl...
    > Just wondering how safe it is to include sensitive information such as a
    > database connection string in web.config.
    >
    >

    Cowboy \(Gregory A. Beamer\) Guest
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may post replies
  • You may not post attachments
  • You may not edit your posts

Forum Rules


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139