Is storing connection strings in web.config the most secure solution? Is there a way to store them on the server to which they are deployed to, instead (as a system DSN, for example, though I believe t开发者_高级运维hose are cumbersome)?.
I'm moving my work codebase to BitBucket, and for some reason am extremely uncomfortable with the idea of having a web.config that contains a database username/password on a machine that I don't have draconian control over. I may just be acting irrationally; never hosted any code externally.
You can encrypt sections of your web.config. You could do that for the ConnectionStrings Section. MSDN link available here.
If you are concerned about the security of your connection strings you have the possibility to encrypt them.
Personally I think this case is overblown. ASP.Net by default will never serve your web.config file no matter how hard a determined hacker tries to get it.
![Interactive visualization of a graph in python [closed]](https://www.devze.com/res/2023/04-10/09/92d32fe8c0d22fb96bd6f6e8b7d1f457.gif)
加载中,请稍侯......
精彩评论