?
Solved

VB.NET 2013:  Application Settings Vs. app.config

Posted on 2014-10-29
3
Medium Priority
?
1,579 Views
Last Modified: 2014-12-09
I am maintaining several applications.  Some of them use app.config files, the others use Application settings.  All of the applications use one or the other.  

It is my understanding that the app.config files are meant to be read-only from the application, where the Application settings can be modified from the application.  And that the app.config file has the benefit of being modifiable without needing a recompile.

-  Is my understanding correct?
-  Are there situations where using both would be good form?  For example, connection strings in the app.config (in case your database moves) and application settings that the user might change in the Application Settings?

Thanks in advance!

- Michael
0
Comment
Question by:mjs082969
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 34

Accepted Solution

by:
it_saige earned 2000 total points
ID: 40410833
Basically App.config is your development environment's version of XYZ.exe.config.  When you compile your project, the IDE takes the app.config and turns it into xyz.exe.config.  If xyz.exe reads any setting using the System.Configuration classes, they will be read from xyz.exe.config.  The setting tab (Application settings), ultimately, has no relationship with either of these files (although, application-defined settings are stored in the xyz.exe.config).  Instead, the settings tab modifies a file called Settings.settings within your development environment (found in Show All Files --> My Project --> Settings.settings).  This file contains application-defined and user-defined settings that you can modify within your IDE.  The difference being that application-defined settings are read-only and user-defined settings are read-write enabled.  The configuration file generated from this is actually stored in the local profile of the user running your application (%USERPROFILE%\Local Settings\<Company Name>\<Assembly Name>\<version>\user.config).  These are known as My.Settings.

You are right in the thought that since they are xml files that the modification of the values contained within do not require a recompile (unless you do something the requires that you change the type associated with the value).

Check this blog for more answers:  http://ryanfarley.com/blog/archive/2004/07/13/879.aspx
MSDN on My.Settings:  http://msdn.microsoft.com/en-us/library/ms379611(VS.80).aspx

-saige-
0
 

Author Comment

by:mjs082969
ID: 40423992
Would it also be correct to say that to properly secure connection strings (which include the SQL server user name and password) that the connection string settings should be put into the app.config so that they may be encrypted?  I was under the impression that including them in the Application Settings was secure, because they would be in the compiled executable.  But the MSIL decompiler could be used to access this information....
0
 
LVL 34

Expert Comment

by:it_saige
ID: 40424047
Choosing to place the connection string in the app.config does not make it any more or less secure than putting it into the registry, defining it as a constant or embedding it as a resource.

Choosing to place the connection string in the app.config is more about ease of accessibility from a development standpoint.  Regardless of the location you choose, I would definately encrypt the connection string.  Especially since the app.config is a xml file and everything is in clear text, e.g.  Sample app.config -
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
	<connectionStrings>
		<add name="CodeSampleCS.Properties.Settings.NORTHWNDConnectionString"
		    connectionString="TestToGetStringFrom App.config File"
		    providerName="System.Data.SqlClient" />
	</connectionStrings>
</configuration>

Open in new window


In short, no matter where you define sensitive information, encryption is usually recommended.

-saige-
0

Featured Post

Veeam Task Manager for Hyper-V

Task Manager for Hyper-V provides critical information that allows you to monitor Hyper-V performance by displaying real-time views of CPU and memory at the individual VM-level, so you can quickly identify which VMs are using host resources.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Wouldn’t it be nice if you could test whether an element is contained in an array by using a Contains method just like the one available on List objects? Wouldn’t it be good if you could write code like this? (CODE) In .NET 3.5, this is possible…
The ECB site provides FX rates for major currencies since its inception in 1999 in the form of an XML feed. The files have the following format (reducted for brevity) (CODE) There are three files available HERE (http://www.ecb.europa.eu/stats/exch…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
Have you created a query with information for a calendar? ... and then, abra-cadabra, the calendar is done?! I am going to show you how to make that happen. Visualize your data!  ... really see it To use the code to create a calendar from a q…

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question