Menu
What is the best way to manage connection strings in a web application, from a security standpoint? I've done it several different ways. I've stored them as plain text web.config setting keys. I've also created a "Constants" class that has public read-only string properties for each connection string.
Does anybody have any recommendations for managing connections strings in such a way that I will have no concern about them being maliciously discovered? I am definitely open for encryption.
900
The best way to secure the database connection string is to encrypt the value within the configuration file. The application would then load the encrypted value from the config file, decrypt the value, and then use the decrypted value as the connection string to connect to the database.
Connection strings in configuration files are typically stored inside the <connectionStrings> element in the app. config for a Windows application, or the web. config file for an ASP.NET application.
config based connectionstring as seems is unsafe, because one can read it. But think about it, if a person can read your web. config, means he can edit any file on your server anyways as he probably already hack or gain access to file.
you can encrypt your connection strings in your web.config file.
storing connection strings in a class as a property or a constant is not secure. anyone who uses a disassembler can see your connection string.
best way is the configuration encrypting.
53
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
