Solved

VB.NET 2013:  Application Settings Vs. app.config

Posted on 2014-10-29
3
1,499 Views
Last Modified: 2014-12-09
I am maintaining several applications.  Some of them use app.config files, the others use Application settings.  All of the applications use one or the other.  

It is my understanding that the app.config files are meant to be read-only from the application, where the Application settings can be modified from the application.  And that the app.config file has the benefit of being modifiable without needing a recompile.

-  Is my understanding correct?
-  Are there situations where using both would be good form?  For example, connection strings in the app.config (in case your database moves) and application settings that the user might change in the Application Settings?

Thanks in advance!

- Michael
0
Comment
Question by:mjs082969
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 33

Accepted Solution

by:
it_saige earned 500 total points
ID: 40410833
Basically App.config is your development environment's version of XYZ.exe.config.  When you compile your project, the IDE takes the app.config and turns it into xyz.exe.config.  If xyz.exe reads any setting using the System.Configuration classes, they will be read from xyz.exe.config.  The setting tab (Application settings), ultimately, has no relationship with either of these files (although, application-defined settings are stored in the xyz.exe.config).  Instead, the settings tab modifies a file called Settings.settings within your development environment (found in Show All Files --> My Project --> Settings.settings).  This file contains application-defined and user-defined settings that you can modify within your IDE.  The difference being that application-defined settings are read-only and user-defined settings are read-write enabled.  The configuration file generated from this is actually stored in the local profile of the user running your application (%USERPROFILE%\Local Settings\<Company Name>\<Assembly Name>\<version>\user.config).  These are known as My.Settings.

You are right in the thought that since they are xml files that the modification of the values contained within do not require a recompile (unless you do something the requires that you change the type associated with the value).

Check this blog for more answers:  http://ryanfarley.com/blog/archive/2004/07/13/879.aspx
MSDN on My.Settings:  http://msdn.microsoft.com/en-us/library/ms379611(VS.80).aspx

-saige-
0
 

Author Comment

by:mjs082969
ID: 40423992
Would it also be correct to say that to properly secure connection strings (which include the SQL server user name and password) that the connection string settings should be put into the app.config so that they may be encrypted?  I was under the impression that including them in the Application Settings was secure, because they would be in the compiled executable.  But the MSIL decompiler could be used to access this information....
0
 
LVL 33

Expert Comment

by:it_saige
ID: 40424047
Choosing to place the connection string in the app.config does not make it any more or less secure than putting it into the registry, defining it as a constant or embedding it as a resource.

Choosing to place the connection string in the app.config is more about ease of accessibility from a development standpoint.  Regardless of the location you choose, I would definately encrypt the connection string.  Especially since the app.config is a xml file and everything is in clear text, e.g.  Sample app.config -
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
	<connectionStrings>
		<add name="CodeSampleCS.Properties.Settings.NORTHWNDConnectionString"
		    connectionString="TestToGetStringFrom App.config File"
		    providerName="System.Data.SqlClient" />
	</connectionStrings>
</configuration>

Open in new window


In short, no matter where you define sensitive information, encryption is usually recommended.

-saige-
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

After several hours of googling I could not gather any information on this topic. There are several ways of controlling the USB port connected to any storage device. The best example of that is by changing the registry value of "HKEY_LOCAL_MACHINE\S…
Parsing a CSV file is a task that we are confronted with regularly, and although there are a vast number of means to do this, as a newbie, the field can be confusing and the tools can seem complex. A simple solution to parsing a customized CSV fi…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question