mjs082969
asked on
VB.NET 2013: Application Settings Vs. app.config
I am maintaining several applications. Some of them use app.config files, the others use Application settings. All of the applications use one or the other.
It is my understanding that the app.config files are meant to be read-only from the application, where the Application settings can be modified from the application. And that the app.config file has the benefit of being modifiable without needing a recompile.
- Is my understanding correct?
- Are there situations where using both would be good form? For example, connection strings in the app.config (in case your database moves) and application settings that the user might change in the Application Settings?
Thanks in advance!
- Michael
It is my understanding that the app.config files are meant to be read-only from the application, where the Application settings can be modified from the application. And that the app.config file has the benefit of being modifiable without needing a recompile.
- Is my understanding correct?
- Are there situations where using both would be good form? For example, connection strings in the app.config (in case your database moves) and application settings that the user might change in the Application Settings?
Thanks in advance!
- Michael
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Choosing to place the connection string in the app.config does not make it any more or less secure than putting it into the registry, defining it as a constant or embedding it as a resource.
Choosing to place the connection string in the app.config is more about ease of accessibility from a development standpoint. Regardless of the location you choose, I would definately encrypt the connection string. Especially since the app.config is a xml file and everything is in clear text, e.g. Sample app.config -
In short, no matter where you define sensitive information, encryption is usually recommended.
-saige-
Choosing to place the connection string in the app.config is more about ease of accessibility from a development standpoint. Regardless of the location you choose, I would definately encrypt the connection string. Especially since the app.config is a xml file and everything is in clear text, e.g. Sample app.config -
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<connectionStrings>
<add name="CodeSampleCS.Properties.Settings.NORTHWNDConnectionString"
connectionString="TestToGetStringFrom App.config File"
providerName="System.Data.SqlClient" />
</connectionStrings>
</configuration>
In short, no matter where you define sensitive information, encryption is usually recommended.
-saige-
ASKER