Mrudang Dalal
Reputation: 121
which is more secure way to store connection string in ASP.NET Application?
With .net Framework 4.5 shall i store encrypted connection string into web.config file OR i shall store connection string at Windows Registry and refer that in application?
Upvotes: 3
Views: 339
Answers (1)
jliles
Reputation: 308
This answer probably applies here
The short version is the config file is going to be easier to backup and restore in the event of a failure somewhere, the registry entry is less likely to be accidentally deleted. Both methods have pros and cons.
Security of either of these things is probably comparable. Regardless of which method you choose, some care should be taken to set the proper permissions on either a registry entry or a config file.
Upvotes: 1
Related Questions
- MVC 5 / ASP.Net 4.5 Storing Connection Strings Securely
- C# SQL connection string best practice
- Storing Connection String on Database
- How can I safely store and access connection string details?
- the best way to connect sql server (Windows authentication vs SQL Server authentication) for asp.net app
- Storing on connection string in <connectionstring> vs <applicationSettings>
- Storing connection strings in machine.config vs storing them in web.config
- Is there a need to secure connection string in web.config?
- Securely storing connection strings in an ASP.NET application
- ASP.Net Web Application - Is there a best practice method for where to keep connection strings?