ASP.NET Web.Config引用Web根外部的配置文件
[英]ASP.NET Web.Config referencing config file outside web root
问题描述
I'm having a dispute over a web config layout from a security point of view. 
从安全角度来看,我对Web配置布局存在争议。
Our app.config is including a key which references two files containing the security settings (db name, password, AD root, a valid user and password to authenticate against, etc). 我们的app.config包含一个密钥,该密钥引用了两个包含安全设置的文件(数据库名称,密码,AD根目录,有效的用户名和要进行身份验证的密码等)。 Those two files are outside the web root, and plain text. 这两个文件位于Web根目录和纯文本之外。 Somehow i feel that's plainly wrong. 不知何故,我觉得那是完全错误的。 That's what web.config is for, to hold configs, and since it can be encrypted, and IIS would never serve a .config file, it should be safe enough. 这就是web.config的用途,用于保存配置,并且由于它可以被加密,并且IIS永远不会提供.config文件,因此它应该足够安全。
Is it really a bad practice? 真的是不好的做法吗? Can anyone point me in the right direction? 谁能指出我正确的方向? thanks in advance. 提前致谢。
1 个解决方案
解决方案1
0 已采纳 2018-03-22 16:54:09
Best practice is to keep any security settings in web.config file and access them in your code behind. 最佳做法是将所有安全设置保留在web.config文件中,并在后面的代码中访问它们。 Besides you can encrypt and transform your config security settings in web.config as well. 此外,您还可以在web.config中加密和转换您的配置安全设置。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.