开发者

ASP.Net Web Application - Is there a best practice method for where to keep connection strings?

开发者 https://www.devze.com 2023-02-17 17:59 出处:网络
Actual question: Is it considered best practice to store clear text connection strings in a web.config 开发者_运维知识库file in an ASP.Net web application?

Actual question: Is it considered best practice to store clear text connection strings in a web.config 开发者_运维知识库file in an ASP.Net web application?

Background:

Currently developing a web application which I want to be able to install on different sites (where I will only have plain text editing). The application requires a number of different connection strings (which will obviously be different depending on which site the app is deployed on) so I want to be able to store all the connection strings (with usernames and passwords) in the web.config.


The Best Practice is to Encrypt the Connection Strings . Refer This


Will the sites be running on a windows domain? My preferred practice is to use integrated security, rather than usernames and passwords. In such a case, the app pool under which the site runs is set to run as a particular user. This is abstracted from the actual web code. In this case, you don't have to worry about encrypting user names and passwords. The server address is stored in clear text, but no passwords are... In the web config, add your connection strings to your connectionStrings element:

<connectionStrings>
  <add 
    name="MyDbConn" 
    Provider="System.Data.SqlClient" 
    connectionString="Server=MyDbServer; Integrated Security=SSPI; Initial Catalog=MyDb;" />
</connectionStrings>
0

精彩评论

暂无评论...
验证码 换一张
取 消

关注公众号