Improve company productivity with a Business Account.Sign Up

x
?
Solved

Where is the best place to put id and passwords?

Posted on 2015-01-12
7
Medium Priority
?
258 Views
Last Modified: 2015-01-14
Hi, I'm using VS2010.
I created a web application and I am wondering where is the best place to store the userid and password.  Currently I have it in Web.config in the App setting section.  Well, should I just put it in my C# code?  I mean when I deploy to web server then it's in dll form?  Shouldn't that be better than web.config?  If that server is hacked then they might get to the web.config and read the password.  Thank you for your input.
0
Comment
Question by:lapucca
7 Comments
 
LVL 34

Expert Comment

by:Mike Eghtebas
ID: 40545202
Consider storing it in a control tag property.

or instead consider:

"Set your config files in a directory outside of public webspace , the webserver should be the owner of this directory and it should have permissions set to 700. All files it contains should be 644. This way no one can even read the file contents apart from webserver user or root.

This is a common approach, but there is a lot more to the subject as security is a very vast topic, but is better than 90% of the setups out there."
0
 

Author Comment

by:lapucca
ID: 40545260
Currently the web.config is just under the www folder of the Windows IIS web server.  I don't know what do you mean but web server is the owner.  Web server is a machine and not an account that I'm aware of.  and how to set 700 permission?  I only know if I right click a folder or file then I can click on the Security tab and set different user account to different access permission level.  Appreciate it if you can elaborate.  Thank you.
0
 
LVL 34

Assisted Solution

by:Mike Eghtebas
Mike Eghtebas earned 668 total points
ID: 40545271
lapucca,

I though I have included the link for my quote in the last post. After storing in the tag suggestion, I came across the second solution for you to take a look at:

http://stackoverflow.com/questions/6281930/what-is-the-most-accepted-method-for-hiding-password-for-connect-php-file

There is more suggestion in this link.
0
What Kind of Coding Program is Right for You?

There are many ways to learn to code these days. From coding bootcamps like Flatiron School to online courses to totally free beginner resources. The best way to learn to code depends on many factors, but the most important one is you. See what course is best for you.

 

Author Comment

by:lapucca
ID: 40545318
Thanks but looking at that didn't really explain about permission 700 ....  Should I just leave it in the C# code instead?  Thank you.
0
 
LVL 85

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 664 total points
ID: 40545474
700 and 644 are linux/unix permission settings for windows you need to add system to the read permissions and 1 user with read/write permissions (so it can be changed) and deny i_user read/write permissions.
0
 
LVL 10

Accepted Solution

by:
Walter Padrón earned 668 total points
ID: 40545484
You better go with encryption

Connection Strings and Configuration Files
http://msdn.microsoft.com/en-us/library/ms254494%28v=vs.110%29.aspx

go to section  "Encrypting Configuration File Sections Using Protected Configuration"
0
 

Author Closing Comment

by:lapucca
ID: 40549688
I'm using IIS on Windows server.  Thank you.  I will look into encryption.
0

Featured Post

The 14th Annual Expert Award Winners

The results are in! Meet the top members of our 2017 Expert Awards. Congratulations to all who qualified!

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Calculating holidays and working days is a function that is often needed yet it is not one found within the Framework. This article presents one approach to building a working-day calculator for use in .NET.
High user turnover can cause old/redundant user data to consume valuable space. UserResourceCleanup was developed to address this by automatically deleting user folders when the user account is deleted.
Watch the video to know the process of migration of Exchange or Office 365 mailboxes in absence of MS Outlook. It is an eminent tool which can easily migrate Public, Archive user mailboxes from one another Exchange server and Office 365. Kernel Migr…
Wrapper-1-Query. Use an Excel function to calculate a column for an Access query. Part 1. Shows a query in Access that has a calculated column with the results of an Excel worksheet function. See how to call a wrapper function from a query, and …

579 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question