ASP.NET 内核:生产连接串的放置位置
[英]ASP.NET Core: Where to place Connection String for Production
问题描述
ASP.Net Core, using version 5.0.100, and I am trying to publish my web application to a hosting provider. 
ASP.Net Core,使用版本 5.0.100,我正在尝试将我的 web 应用程序发布到托管服务提供商。 I am trying to figure out where to place my connection string.我试图找出放置连接字符串的位置。 As of right now I have it inside appsetting.json .截至目前,我将它放在appsetting.json中。
"ConnectionString": {
"default": "data source=.; database= myDataBase; user id = sa; password = myPassw0rd",
}
Is this bad practice?这是不好的做法吗? I am worried that someone may find the connection string and hack the website.我担心有人可能会找到连接字符串并破解网站。 Thank you in advance!先感谢您!
2 个解决方案
解决方案1
2 2020-12-20 01:42:59
There are several places you can put your connection string:有几个地方可以放置连接字符串:
- Settings files, such as appsettings.json设置文件,如 appsettings.json
- Environment variables环境变量
- Azure Key Vault Azure 密钥库
- Azure App Configuration Azure 应用程序配置
- Command-line arguments命令行 arguments
- Custom providers, installed or created自定义提供程序,安装或创建
- Directory files目录文件
- In-memory .NET objects内存中 .NET 对象
See the documentation for Configuration in ASP.NET Core for configuration for all of the above.有关上述所有配置,请参阅ASP.NET 内核中的配置文档。 Each option carries different kinds of risk, so you'll need to evaluate which one makes the most sense for your use case.每个选项都有不同类型的风险,因此您需要评估哪个选项对您的用例最有意义。
解决方案2
1 2020-12-20 02:23:26
It's good that you're questioning how to best manage connection strings.很高兴您质疑如何最好地管理连接字符串。 Storing credentials in any configuration file like appsettings.json and web.config is a bad idea.在 appsettings.json 和 web.config 等任何配置文件中存储凭据是个坏主意。 There are a number of ways to protect your secrets.有多种方法可以保护您的秘密。 It really comes down to your specific use case.这实际上取决于您的特定用例。 My preferred method is using Application Pool Identities.我首选的方法是使用应用程序池标识。 Here aa few resources to get you started.这里有一些资源可以帮助您入门。
Connection String Security C# 连接字符串安全 C#
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.