[英]Suitable option for Persist Security info in Asp.NET
From the starting of asp.net
projects, I am using below connectionstring 从
asp.net
项目的开始,我正在使用以下connectionstring
Data Source=Server; Initial Catalog=Database; User Id=sa; Password=123456; Persist Security=true;
Many times, I feel confuse by using Persist Security
. 很多时候,我使用
Persist Security
感到困惑。 I read that if I set it to true, windows will remember password and if I set it to false then It won't return credentials. 我读到如果将其设置为true,则Windows将记住密码;如果将其设置为false,则它将不返回凭据。
What is the best suitable option to use Persist Security
, specially for e-commerce type website ? 特别是针对电子商务类型的网站,使用
Persist Security
的最佳选择是什么? Is there any another best way to define User Id
and Password
? 还有其他最佳方法来定义
User Id
和Password
吗?
Typically, if you have a user id and password, you don't need Persist Security
. 通常,如果您具有用户ID和密码,则不需要
Persist Security
。
What's a good way to define these credentials? 定义这些凭据的好方法是什么? If you're in a cloud hosting scenario like Azure, don't define these in the web.config, but rather define the connection string in the Azure portal.
如果您处于Azure之类的云托管方案中,请不要在web.config中定义它们,而应在Azure门户中定义连接字符串。 This keeps the production credentials out of version control, and may also protect enterprise credentials from developers.
这使生产凭据不受版本控制,并且还可以保护企业凭据免受开发人员的侵害。
If you're in a more traditional hosting environment, and your database and website are on the same virtual machine, you may be able to use a trusted connection (windows login account), avoiding the credentials in the web.config all together. 如果您使用的是传统托管环境,并且数据库和网站位于同一台虚拟机上,则可以使用受信任的连接(Windows登录帐户),而不必一起使用web.config中的凭据。
Look to connectionstrings.com for building connection strings to SQL Server (and other databases) in various forms. 查找connectionstrings.com ,以各种形式构建到SQL Server(和其他数据库)的连接字符串。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.