How can I secure passwords stored inside web.config?

Generally, web.config is a secure file and IIS does not serve it, therefore it will not be exposed to users who are making requests to web server. Web server only serves specific type of files and web.config is surely not one of ’em.

Quite often you save your database connection string in it which includes password. Now imagine an scenario where web.config was not secure. You have created a major security threat to your application.

Therefore, specially as long as your project is not too big, you should not be worrying about it.

Yet, you may have a better approach but creating a project called “Resources” and save all the critical information such as settings, consts, enums and etc in there. That would be a slick and organized approach.

If you are passing the username/password over the wire though (for example in case of a secured API call), you may want to use https to make sure that information that are travelling are encrypted but that has nothing to do with the security of web.config file.

Related Posts:

  1. CS1617: Invalid option ‘6’ for /langversion; must be ISO-1, ISO-2, 3, 4, 5 or Default
  2. failed to load resource: the server response with a status 500 (internal server error)
  3. ASP.NET 5 MVC: unable to connect to web server ‘IIS Express’
  4. Twilio TwilioRestClient does not contain a definition for SendSmsMessage
  5. System.web.mvc missing
  6. What is WebResource.axd?
  7. ASP.NET MVC Page Won’t Load and says “The resource cannot be found”
  8. Cannot open database “test” requested by the login. The login failed. Login failed for user ‘xyz\ASPNET’
  9. System.ComponentModel.Win32Exception: Access is denied Error
  10. An ASP.NET setting has been detected that does not apply in Integrated managed pipeline mode
  11. The name ‘ViewBag’ does not exist in the current context – Visual Studio 2015
  12. Why is HttpContext.Current null?
  13. How to make Check Box List in ASP.Net MVC
  14. C# HttpClient An existing connection was forcibly closed by the remote host
  15. How to fix No connection could be made because the target machine actively refused it 127.0.0.1:64527
  16. How to resolve “Input string was not in a correct format.” error?
  17. The request was aborted: Could not create SSL/TLS secure channel
  18. Why is this code throwing an InvalidOperationException?
  19. How to add a default Default.aspx to a ASP.NET Web Application Project?
  20. how does Request.QueryString work?
  21. The request was aborted: Could not create SSL/TLS secure channel
  22. The request was aborted: Could not create SSL/TLS secure channel
  23. Access to the path is denied
  24. Compiler Error Message: The compiler failed with error code -2146232576
  25. The client and server cannot communicate, because they do not possess a common algorithm – ASP.NET C# IIS TLS 1.0 / 1.1 / 1.2 – Win32Exception
  26. WebForms UnobtrusiveValidationMode requires a ScriptResourceMapping for jquery
  27. Invalid length for a Base-64 char array
  28. What does vary:accept-encoding mean?
  29. The HTTP request was forbidden with client authentication scheme ‘Anonymous’. The remote server returned an error: (403) Forbidden
  30. Why am I getting a “Could not find a part of the path” exception?
  31. C# Gridview CheckBox Field VS (Template Field + CheckBox)
  32. How to use the “Using” statement in ASP.net razor webpages?
  33. calling javascript function on OnClientClick event of a Submit button
  34. What is the difference between “@Scripts.Render” and “

    Recommended Hostings

    Cloudways: Realize Your Website's Potential With Flexible & Affordable Hosting. 24/7/365 Support, Managed Security, Automated Backups, and 24/7 Real-time Monitoring.

    FastComet: Fast SSD Hosting, Free Migration, Hack-Free Security, 24/7 Super Fast Support, 45 Day Money Back Guarantee.

© 2024 Read For Learn