About Connection string
-
Is it secure to place connection string in our assembly ? for example store it in a variable in our business class .or its better to place it in web.config file. tell me why ?
-
Is it secure to place connection string in our assembly ? for example store it in a variable in our business class .or its better to place it in web.config file. tell me why ?
The web.config file is plain text. An assembly is compiled. Which would be easier to read? You can encrypt the config file. You can also use a tool, such as ILdasm, to view the inards of an assembly, but this is a little more difficult than simply opening a plain text xml file.
only two letters away from being an asset
-
Normally it is good to put the connection string in web.config file.
Best Regards, Apurva Kaushal
Not normally. There are valid and useful reasons for not storing it in the config file.
only two letters away from being an asset
-
Is it secure to place connection string in our assembly ? for example store it in a variable in our business class .or its better to place it in web.config file. tell me why ?
Hi, The connection string should be only on the web.config file. use CipherData class so that we can encrypt it. then it will be very much secure. Happy Coding
With Regards Satips
-
Is it secure to place connection string in our assembly ? for example store it in a variable in our business class .or its better to place it in web.config file. tell me why ?
-
Is it secure to place connection string in our assembly ? for example store it in a variable in our business class .or its better to place it in web.config file. tell me why ?
Storing it in your business layer should be the last resort, as will require recompiling and redeploying every time you need to change it. Other options are: - store in web.config as clear text - store in web.config as encrypted string (ASP.NET v2 feature) - store encrypted in registry (current server) with registry keyname stored in web.config It all depends on how secure you want it to be (who else has access to your web.config file?) and your deployment process (manual/automated). .leON.