HighTechTalks DotNet Forums  

Re: Securing app.config / web.config

Go Back HighTechTalks DotNet Forums Dotnet Dotnet Security Re: Securing app.config / web.config

Dotnet Security microsoft.public.dotnet.security


Discuss Re: Securing app.config / web.config in the Dotnet Security forum.



Reply
 
Thread Tools Search this Thread Display Modes
  #1  
Old   
Dominick Baier
 
Posts: n/a

Default Re: Securing app.config / web.config - 12-04-2007 , 04:36 PM





Right. There is no such thing as client security. You will not be able to
hide a connection string's password from an determined hacker.

Either use integrated authentication or shield database details using a middle
tier.

-----
Dominick Baier (http://www.leastprivilege.com)

Developing More Secure Microsoft ASP.NET 2.0 Applications (http://www.microsoft.com/mspress/books/9989.asp)

Quote:
Thanks Dominick,

So, as far as I understand the configuration protection is olny a good
solution for web applications because it secures web.config contets
for remote viewing attacks and it's assumed that direct access to the
server in orde to run commands like aspnet_iisreg or accessing key
containers is secure. If I'm switching to a desktop application ... do
I'll have to secure app.config "all by myself"?



Reply With Quote
Reply

« Previous Thread | Next Thread »



Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off



Powered by vBulletin Version 3.5.4
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.


Contact Us - HighTechTalks DotNet Forums - Archive - Top