Remove From My Forums

Passwords in web.config files, what to do with them?

Question
0

Sign in to vote

User-1959374973 posted

My group is getting ready to migrate our current website from ColdFusion to ASP.NET. Currently all database connections are stored within ColdFusion Administrator as Data Sources. When we move to ASP.NET we will have to put the database connection strings in the web.config file(s). People within the group are worried about plain text passwords sitting in the web.config files. I've read online where people are saying to separate the code from configurations and only apply the passwords for config files when deploying the application. Is there a best practice when it comes to doing this? We are not a large group, so our process can't be too complicated, but I would like to do something that follows best practices.

Monday, March 11, 2013 2:06 PM

Answers

0

Sign in to vote
User220959680 posted

Encrypt the connectionstrings section as explained in my blog article

http://weblogs.asp.net/sukumarraju/archive/2011/02/18/encrypt-and-decrypt-connectionstrings-section-in-web-config-using-aspnet-regiis-utility.aspx
- Marked as answer by Anonymous Thursday, October 7, 2021 12:00 AM
Monday, March 11, 2013 2:28 PM