is reading web.config from a class insecure?
Question
i wanted a way of getting settings without having to look them up every time so i made this simple class. ex:
public class CustomConfigSettings
{
public CustomConfigSettings()
{
// Default constructor.
}
public string MySetting
{
get { return ConfigurationManager.AppSettings["mySetting"]; }
}
}
it works fine, but it feels like it might be insecure (for some reason i can't put my finger on). would appreciate feedback on security issues, if any, and any possible alternatives. (webforms; .net 3.5).
3 answers
solution1
2 2013-04-25 16:41:56
This is not insecure by itself. Security depends on who will access your class and if this class permits changes to configurations, then if somebody access your code, he can change settings.
solution2
2 2013-04-25 16:44:00
I don't see any reason it would be considered more or less secure to read AppSettings from a class than to read them directly from your code. You're using the proper calls and syntax.
solution3
1 2013-04-25 20:12:27
There is no problem with your code.
Anyway you can make the function static, it will look better and do not require creating new instance.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.