Passwords in web.config files, what to do with them? RRS feed

  • Question

  • User-1959374973 posted

    My group is getting ready to migrate our current website from ColdFusion to ASP.NET.  Currently all database connections are stored within ColdFusion Administrator as Data Sources.  When we move to ASP.NET we will have to put the database connection strings in the web.config file(s).  People within the group are worried about plain text passwords sitting in the web.config files.  I've read online where people are saying to separate the code from configurations and only apply the passwords for config files when deploying the application.   Is there a best practice when it comes to doing this?  We are not a large group, so our process can't be too complicated, but I would like to do something that follows best practices.

    Monday, March 11, 2013 2:06 PM