No, the .config file is mapped to ASPX inside IIS, and within asp.net, it's
mapped to the ForbiddenHandler
so it goes
request for .config
iis --> asp.net
asp.net --> forbidden access
I hate to point out the obvious, but why not just try it out? :)
Karl
--
MY ASP.Net tutorials
http://www.openmymind.net/
"Bob" <sp******@nospam.com> wrote in message
news:Oc**************@TK2MSFTNGP09.phx.gbl...
The web.config file is a pure XML file. Would people who visits my
website
built on ASP.NET 2.0 be able to access my web.config file? i.e. can they
do
http://mywebsite/web.config ?
I'm thinking of storing the DSN info in there and I definitely don't want
people to see my connection string.