Database username and password in web.config

Is it safe to have the database username and password in the web.config
file?

Thanks,
J.S.

--
Nov 19 '05 #1
Hi JS,

.config will not be served to the client by ASP.NET by default. So your
application users won't be able to access them off the browser.

If a person has a login, access to the application's web server and enough
privileges on the folder, he could access the web.config files. If you want
to prevent this too, you have different options. These links might help.
Using DPAPI:
http://msdn.microsoft.com/library/de...SecNetHT08.asp

Using Registry:
http://msdn.microsoft.com/library/de...SecNetHT11.asp

You could also just encrypt the string and store it in .config.

--
HTH,
Rakesh Rajan
MVP, MCSD
http://www.msmvps.com/rakeshrajan/

Nov 19 '05 #2
What do you mean with safe: safe from who?

If you mean safe from anonymous web visitors: yes.
If you mean safe from administrator: no.
If you mean safe from hackers who managed to get access to your
webserver: without encryption: no...

Perhaps you can tell more?

Marcel van eijkel
( www.vaneijkel.com )

Nov 19 '05 #3
Hi Marcel,

I think I did not frame my question well. What I would like to know is:
what is the best way to store database connection information (i.e. SQL
server address, username, password, database name) in ASP.Net 2.0?

Thanks,
J.S.

--

Nov 19 '05 #4
Hi Rakesh,

Thanks for your response. I know .config files do not get served by ASP.Net
but I don't know what the best method to store connection information is. I
was planning to encrypt the string and store it in the .config file, as you
have suggested, but I wanted to know what more experienced users such as
yourself consider to be the best way to store this information where a) one
has full access to the web server and b) where one is on shared hosting.

I'll check out the links you have mentioned for using DPAPI and the
Registry.

Thanks,
J.S.

--

Nov 19 '05 #5
With shared hosting, you're basically limited to compiling your
connection information into the .dll or using .config files. Neither
one works particularly well if you want to be able to deploy to
multiple environments with multiple database servers. In your case,
web.config seems fine.

Jason Kester
Expat Software Consulting Services
http://www.expatsoftware.com/

Nov 19 '05 #6
Thanks, Jason!

J.S.

--

Nov 19 '05 #7
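
The DPAPI option raised in reply #2, applied to the ASP.NET 2.0 case asked about in #4: an added example, not code posted by anyone in this thread, that encrypts the <connectionStrings> section of web.config in place using the framework's built-in DPAPI provider. The class name ConnectionStringProtector and the connection string name "AppDb" are assumptions made for illustration.

```csharp
using System.Configuration;
using System.Web.Configuration;

// Hypothetical helper (name chosen for this example).
public static class ConnectionStringProtector
{
    // Built-in ASP.NET 2.0 provider backed by Windows DPAPI.
    // With its default settings the key is machine-wide: the encrypted
    // web.config cannot be decrypted on another server, but code running
    // on this server (and its administrators) can still decrypt it.
    private const string DpapiProvider = "DataProtectionConfigurationProvider";

    // Encrypts <connectionStrings> in the web.config found at virtualPath
    // (for example Request.ApplicationPath). Returns true if this call
    // encrypted the section, false if it was already encrypted.
    // The calling identity needs write access to web.config, so this is
    // normally run once at deployment rather than on every request.
    public static bool Protect(string virtualPath)
    {
        Configuration config =
            WebConfigurationManager.OpenWebConfiguration(virtualPath);
        ConfigurationSection section = config.GetSection("connectionStrings");

        if (section == null)
            throw new ConfigurationErrorsException(
                "No <connectionStrings> section in " + virtualPath);

        if (section.SectionInformation.IsProtected)
            return false;

        section.SectionInformation.ProtectSection(DpapiProvider);
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    // Reads a connection string by name. The runtime decrypts a protected
    // section transparently, so callers never handle ciphertext.
    // "AppDb" in the usage below is an assumed name, not from the thread.
    public static string Get(string name)
    {
        ConnectionStringSettings entry =
            ConfigurationManager.ConnectionStrings[name];
        if (entry == null)
            throw new ConfigurationErrorsException(
                "Connection string '" + name + "' is not configured.");
        return entry.ConnectionString;
    }
}

// Usage: ConnectionStringProtector.Protect(Request.ApplicationPath);
//        string cs = ConnectionStringProtector.Get("AppDb");
```

This covers the case where the web.config file itself is read or copied off the server; as reply #3 notes, it does not make the credentials safe from an administrator of that server.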