lapucca

Where is the best place to put id and passwords?

Hi, I'm using VS2010.
I created a web application and I am wondering where is the best place to store the userid and password.  Currently I have it in Web.config in the App setting section.  Well, should I just put it in my C# code?  I mean when I deploy to web server then it's in dll form?  Shouldn't that be better than web.config?  If that server is hacked then they might get to the web.config and read the password.  Thank you for your input.
Mike Eghtebas

Consider storing it in a control tag property.

Or instead consider:

"Set your config files in a directory outside of public webspace, the webserver should be the owner of this directory and it should have permissions set to 700. All files it contains should be 644. This way no one can even read the file contents apart from webserver user or root.

This is a common approach, but there is a lot more to the subject as security is a very vast topic, but is better than 90% of the setups out there."
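
The 700/644 layout quoted above uses Unix-style permissions. As an added example that is not part of the original post, this shell function audits a config directory against that layout; it assumes GNU `stat`, and the function name and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example: audit a config directory against the quoted 700/644 layout.
# Usage: audit_config_dir CONFIG_DIR WEB_ROOT [EXPECTED_OWNER]
# Prints one line per finding; returns 0 if clean, 1 otherwise.
# Assumes GNU coreutils stat (-c '%a' for octal mode, '%U' for owner name).
audit_config_dir() {
    cfg=$(cd "$1" 2>/dev/null && pwd -P) || { echo "missing: $1"; return 1; }
    root=$(cd "$2" 2>/dev/null && pwd -P) || { echo "missing: $2"; return 1; }
    owner=${3:-}
    rc=0

    # The directory must not sit inside the public web space.
    case "$cfg/" in
        "$root"/*) echo "inside web root: $cfg"; rc=1 ;;
    esac

    # Directory: owner-only access (rwx------).
    mode=$(stat -c '%a' "$cfg")
    [ "$mode" = "700" ] || { echo "dir mode $mode, want 700: $cfg"; rc=1; }

    # Optional: the directory should be owned by the web server account.
    if [ -n "$owner" ]; then
        actual=$(stat -c '%U' "$cfg")
        [ "$actual" = "$owner" ] || { echo "owner $actual, want $owner: $cfg"; rc=1; }
    fi

    # Files: rw-r--r--. The 700 on the parent is what keeps other users out.
    for f in "$cfg"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        [ "$mode" = "644" ] || { echo "file mode $mode, want 644: $f"; rc=1; }
    done
    return $rc
}
```

The 644 on the files only protects them while the parent directory stays at 700, which is why the function checks the directory mode as well as the file modes.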
lapucca

ASKER

Currently the web.config is just under the www folder of the Windows IIS web server. I don't know what you mean by web server is the owner. Web server is a machine and not an account that I'm aware of. And how to set 700 permission? I only know if I right click a folder or file then I can click on the Security tab and set different user account to different access permission level. Appreciate it if you can elaborate. Thank you.
SOLUTION
Mike Eghtebas

This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
lapucca

ASKER

Thanks but looking at that didn't really explain about permission 700... Should I just leave it in the C# code instead? Thank you.
SOLUTION
David Johnson, CD

ASKER CERTIFIED SOLUTION
lapucca

ASKER

I'm using IIS on Windows server.  Thank you.  I will look into encryption.