4

What's the preferred file (and why do you prefer it) to store database connection strings in an ASP.Net application, where security is the primary issue?

Thanks

2 Answers

5

The preferred way? Don't!

Use a trusted connection and Windows principal.

In the connection string, either:

Trusted_Connection = Yes

or

Integrated Security = SSPI (or True)

4 Comments

Integrated Security=SSPI ftw.
But where would you store the connection string?
Mitch... why would you store it in app.config?
I think Mitch meant web.config and perhaps missed that you're doing ASP.Net and not a thick client.
2

You can store the connection strings in your <connectionStrings> section of web.config, and then encrypt that section by using aspnet_regiis (in your C:\Windows\Microsoft.NET\Framework\v2.0.50727 directory):

aspnet_regiis.exe -pef "connectionStrings" C:\yourproject\YourWebSite

aspnet_regiis has a multitude of config parameters - the -pef allows you to specify the physical path where your website project is (it finds the web.config file in that path and encrypts the connectionStrings section inside it).

Or you could also possibly store things like server name (and database name, if that's configurable and could change) separately, in a config, and only build up your connection string at runtime in memory and never even store the whole connection string anywhere. But as soon as you have sensitive information like this, stored in a config file, you are well advised to encrypt it.

Marc
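
An added example, not part of either answer above: one way to combine the two suggestions in C#, building the connection string in memory with Integrated Security and refusing to start if the connectionStrings section is still in clear text. The class name DbConfig and the appSettings keys DbServer and DbName are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data.SqlClient;
using System.Web.Configuration;

// Added illustration. DbConfig, "DbServer" and "DbName" are hypothetical names.
public static class DbConfig
{
    // Builds the connection string in memory from non-secret settings.
    // No user name or password exists anywhere: the worker process identity
    // authenticates to SQL Server (Integrated Security=SSPI).
    public static string BuildConnectionString()
    {
        string server = ConfigurationManager.AppSettings["DbServer"];
        string database = ConfigurationManager.AppSettings["DbName"];
        if (string.IsNullOrEmpty(server) || string.IsNullOrEmpty(database))
            throw new ConfigurationErrorsException(
                "appSettings must define DbServer and DbName.");

        // The builder quotes each value, so a ';' in a setting cannot
        // smuggle extra keywords into the connection string.
        SqlConnectionStringBuilder builder = new SqlConnectionStringBuilder();
        builder.DataSource = server;
        builder.InitialCatalog = database;
        builder.IntegratedSecurity = true;
        builder.PersistSecurityInfo = false;
        return builder.ConnectionString;
    }

    // Call once at startup (for example from Application_Start).
    // Assumes web.config contains a <connectionStrings> section; throws if
    // that section has not been encrypted, e.g. with aspnet_regiis -pef.
    public static void RequireEncryptedConnectionStrings()
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration("~");
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section == null || !section.SectionInformation.IsProtected)
            throw new ConfigurationErrorsException(
                "connectionStrings section in web.config is not encrypted.");
    }
}
```

Sections encrypted with aspnet_regiis are decrypted transparently when read through ConfigurationManager, so code that reads them does not change.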
