473,406 Members | 2,217 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp.net > questions > about web.config file

Join Bytes to post your question to a community of 473,406 software developers and data experts.

About web.config file

Bob
The web.config file is a pure XML file. Would people who visits my website
built on ASP.NET 2.0 be able to access my web.config file? i.e. can they do
http://mywebsite/web.config ?

I'm thinking of storing the DSN info in there and I definitely don't want
people to see my connection string.
Nov 24 '05 #1
6 1180
"Bob" <sp******@nospam.com> wrote in message
news:Oc**************@TK2MSFTNGP09.phx.gbl...
The web.config file is a pure XML file. Would people who visits my
website
built on ASP.NET 2.0 be able to access my web.config file? i.e. can they
do
http://mywebsite/web.config ?
What happened when you tried this for yourself...?
I'm thinking of storing the DSN info in there and I definitely don't want
people to see my connection string.


Why don't you use encryption?
Nov 24 '05 #2
Hi Bob,

no, you can't request a web.config file. The ASP.NET framework has
attached a page handler to this file which serves a HTTP-Forbidden to
the client.

You can encrypt your config file if you don't want people to be able to
read it.

Grtz, Wouter

Trainer - Info Support
www.dive-in-it.nl

Nov 24 '05 #3
No, the .config file is mapped to ASPX inside IIS, and within asp.net, it's
mapped to the ForbiddenHandler

so it goes

request for .config
iis --> asp.net
asp.net --> forbidden access
I hate to point out the obvious, but why not just try it out? :)

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/
"Bob" <sp******@nospam.com> wrote in message
news:Oc**************@TK2MSFTNGP09.phx.gbl...
The web.config file is a pure XML file. Would people who visits my
website
built on ASP.NET 2.0 be able to access my web.config file? i.e. can they
do
http://mywebsite/web.config ?

I'm thinking of storing the DSN info in there and I definitely don't want
people to see my connection string.

Nov 24 '05 #4
Ehr Karl,

that's what I said...

and the .config file is not mapped to ASPX. It is mapped to the ASP.NET
isapi dll which kick starts it all.

Oh well..

Nov 24 '05 #5
Bob
Excellent. Thanks, guys.

In other words, I can create my own custom .config file (i.e.
myusers.config) and rely on IIS to protect it from prying eyes for me?
"Karl Seguin" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME net>
wrote in message news:%2***************@TK2MSFTNGP15.phx.gbl...
No, the .config file is mapped to ASPX inside IIS, and within asp.net, it's mapped to the ForbiddenHandler

so it goes

request for .config
iis --> asp.net
asp.net --> forbidden access
I hate to point out the obvious, but why not just try it out? :)

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/
"Bob" <sp******@nospam.com> wrote in message
news:Oc**************@TK2MSFTNGP09.phx.gbl...
The web.config file is a pure XML file. Would people who visits my
website
built on ASP.NET 2.0 be able to access my web.config file? i.e. can they do
http://mywebsite/web.config ?

I'm thinking of storing the DSN info in there and I definitely don't want people to see my connection string.


Nov 25 '05 #6
yes

--
MY ASP.Net tutorials
http://www.openmymind.net/
"Bob" <sp******@nospam.com> wrote in message
news:uB**************@TK2MSFTNGP12.phx.gbl...
Excellent. Thanks, guys.

In other words, I can create my own custom .config file (i.e.
myusers.config) and rely on IIS to protect it from prying eyes for me?
"Karl Seguin" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME net>
wrote in message news:%2***************@TK2MSFTNGP15.phx.gbl...
No, the .config file is mapped to ASPX inside IIS, and within asp.net,

it's
mapped to the ForbiddenHandler

so it goes

request for .config
iis --> asp.net
asp.net --> forbidden access
I hate to point out the obvious, but why not just try it out? :)

Karl

--
MY ASP.Net tutorials
http://www.openmymind.net/
"Bob" <sp******@nospam.com> wrote in message
news:Oc**************@TK2MSFTNGP09.phx.gbl...
> The web.config file is a pure XML file. Would people who visits my
> website
> built on ASP.NET 2.0 be able to access my web.config file? i.e. can they > do
> http://mywebsite/web.config ?
>
> I'm thinking of storing the DSN info in there and I definitely don't want > people to see my connection string.
>
>



Nov 25 '05 #7
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

2
need feed back about the comments I write
by: lawrence | last post by:
I've been bad about documentation so far but I'm going to try to be better. I've mostly worked alone so I'm the only one, so far, who's suffered from my bad habits. But I'd like other programmers...
PHP
13
lightweight human-readable config?
by: Maxim Khesin | last post by:
I want to have a config file with my python proggie, satisfying the following requirements: 1) support key->(value, default) 2) simple and intuitive to read and edit 3) easyly readable into a...
Python
1
About AppSettingReader
by: Erick | last post by:
Hi, Could any explain how AppSettingReader know the right app.config file to take as default? Thanks.
.NET Framework
2
About Application Config file
by: Ellis Yu | last post by:
Dear All, I've an application running from the network server. The config file includes some application setting and the connection string inside. If I want the application to read the config...
Visual Basic .NET
10
Question about "Configuration Error" Message
by: Rider | last post by:
Hi, simple(?) question about asp.net configuration.. I've installed ASP.NET 2.0 QuickStart Sample successfully. But, When I'm first start application the follow message shown. ========= Server...
ASP.NET
2
about the probing tag and assembly location
by: Shiraz | last post by:
Alright, I think I have a better perception of assemblies and environment variables now. The question I had initially posted was pertaining setting of environment variables using the VSI installer....
C# / C Sharp
1
about locating assemblies
by: Shiraz | last post by:
Hi It seems like none of the old posts get any follow up after a few messages, whether or not something constructive comes out of them, so I'm left with no choice but to repost an earlier...
C# / C Sharp
1
about the configuration file app.config
by: fairyvoice | last post by:
i create a configuration file for the program with the default name "app.config" and the ConfigurationManager deal with well, but after i change the file name like "other.config" it doesn't work,...
C# / C Sharp
2
2 questions about Microsoft Enterprise Library
by: rockdale | last post by:
Hi, all I am using Enterprise Library for .NET Framework 2.0 - January 2006 to access my backend MS SQL database. As now we are consider migrate sql database to mySQL. What engine (ODBC or...
ASP.NET
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
agi2029
AI Job Threat for Devs
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing,...
Career Advice
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!