Actual question: Is it considered best practice to store clear text connection strings in a web.config 开发者_运维知识库file in an ASP.Net web application?
Background:
Currently developing a web application which I want to be able to install on different sites (where I will only have plain text editing). The application requires a number of different connection strings (which will obviously be different depending on which site the app is deployed on) so I want to be able to store all the connection strings (with usernames and passwords) in the web.config.The Best Practice is to Encrypt the Connection Strings . Refer This
Will the sites be running on a windows domain? My preferred practice is to use integrated security, rather than usernames and passwords. In such a case, the app pool under which the site runs is set to run as a particular user. This is abstracted from the actual web code. In this case, you don't have to worry about encrypting user names and passwords. The server address is stored in clear text, but no passwords are... In the web config, add your connection strings to your connectionStrings element:
<connectionStrings>
<add
name="MyDbConn"
Provider="System.Data.SqlClient"
connectionString="Server=MyDbServer; Integrated Security=SSPI; Initial Catalog=MyDb;" />
</connectionStrings>
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论