Hi Rakesh,
Thanks for your response. I know .config files do not get served by ASP.Net
but I don't know what the best method to store connection information is. I
was planning to encrypt the string and store it in the .config file, as you
have suggested, but I wanted to know what more experienced users such as
yourself consider to be the best way to store this information where a) one
has full access to the web server and b) where one is on shared hosting.
I'll check out the links you have mentioned for using DPAPI and the
Registry.
Thanks,
J.S.
--
"Rakesh Rajan" <rakeshrajan {at} mvps {dot} org> wrote in message
news:B0**********************************@microsof t.com...
Hi JS,
.config will not be served to the client by ASP.NET by default. So your
application users won't be able to access them off the browser.
If a person has a login, access to the application's web server and enough
privilages on the folder, he could access the web.config files. If you
want
to prevent this too, you have different options. These links might help.
Using DPAPI:
http://msdn.microsoft.com/library/de...SecNetHT08.asp
Using Registry:
http://msdn.microsoft.com/library/de...SecNetHT11.asp
You could also just encrypt the string and store it in .config.
--
HTH,
Rakesh Rajan
MVP, MCSD
http://www.msmvps.com/rakeshrajan/