
Where should I store sensitive variables?

Tags: c#, .net, asp.net

This is my first time working on a secure website. It's for a pet project I have.

For security purposes, where is it best to store information like SQL connection strings, database encryption keys, etc? Is it better to use web.config, store them in a class that accesses a database (like dataBaseHelper.cs or something), or somewhere else?

I intend to obtain an SSL cert as well. When communicating with the database, should I always use the secure connection?

julio9 asked Apr 06 '11 02:04



2 Answers

Check the "Encrypting sections of config files" section on MSDN.

Sanjeevakumar Hiremath answered Oct 20 '22 01:10


Depending on the app, it's generally best practice to use a KMS to store encryption keys. If a KMS is not available because of budget constraints or whatever, Key Containers are the next best option. Once your key is protected you can store variables either in encrypted sections of the config file as suggested, or as encrypted byte arrays in the assembly itself.

lukiffer answered Oct 19 '22 23:10
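
Both answers point at encrypted sections of web.config backed by an RSA key container. The following is an added example, not code from either answer, showing that step with the .NET Framework configuration API; the class name `ConfigProtector`, its method names and the `appPath` parameter are hypothetical.

```csharp
// Added example: encrypt a web.config section in place with the built-in
// RSA provider, then read a connection string the normal way.
using System;
using System.Configuration;
using System.Web.Configuration;

public static class ConfigProtector
{
    // Built-in provider name registered in machine.config; it is backed by
    // an RSA key container.
    private const string Provider = "RsaProtectedConfigurationProvider";

    // appPath: the application's virtual path, e.g. Request.ApplicationPath.
    // Returns true if the section was encrypted by this call, false if it
    // was already protected or cannot be changed at this level.
    public static bool ProtectSection(string appPath, string sectionName)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(appPath);
        ConfigurationSection section = config.GetSection(sectionName);

        if (section == null)
            throw new ArgumentException("Section not found: " + sectionName);

        // Already encrypted, or locked by a parent config file: leave it alone.
        if (section.SectionInformation.IsProtected || section.SectionInformation.IsLocked)
            return false;

        section.SectionInformation.ProtectSection(Provider);
        section.SectionInformation.ForceSave = true; // write even if values did not change
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    // Application code does not change: the configuration system decrypts
    // the protected section transparently when it is read.
    public static string GetConnectionString(string name)
    {
        ConnectionStringSettings cs = WebConfigurationManager.ConnectionStrings[name];
        if (cs == null)
            throw new ConfigurationErrorsException("Missing connection string: " + name);
        return cs.ConnectionString;
    }
}
```

Calling `ConfigProtector.ProtectSection(appPath, "connectionStrings")` once after deployment rewrites the section as ciphertext on disk. The identity the application runs under needs read access to the RSA key container, otherwise the section fails to decrypt at run time.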