At my shop we are used to store connections strings in the .config file. But when we had to update it in several applications in the same machine someone gave the idea of storing it on t开发者_StackOverflowhe windows registry.
Is this a good idea? What are the implications (security)?
You can store it in machine.config. All .config files will inherit any connection strings defined therein unless explicitly cleared.
We are storing common data in the registry in encrypted form. modifying Machine.config is a very scary operation. ;) One disadvantage is a registry security. And 64bit windows can make working with registry a very weird. especially on WoW mode.
Also registry for administrators is a very old and well known friend (backup, restore, import, export etc is not a new for them). as for machine.config I wish they never wants touch it.
Maybe you could just have a common component (WCF or otherwise) that you reference for connection strings. That way you'd only have to store the string in one place.
I wouldn't use the Windows Registry for application specific settings like that, though I know plenty of other apps do...
I agree with the machine.config method. However, the easier way to do it would be to create a directory somewhere on your file system with an encrypted xml file. Use Dpapi for example and then just create a common class that reads, decrypts the file and returns the connection string. Remember to have a fallback method to get the configuration data if someone deletes that file. As pointed out before, the machine.config can be overwritten, same goes for this approach. Directory permissions can be used to set read restrictions and deny write to all but the developers. This should keep it safe from being "accidentally" overwritten and at the same time ensure that no one can read the data in there (even though this is moot without the key)
精彩评论