Solved

Where is the best place to put id and passwords?

Posted on 2015-01-12
7
238 Views
Last Modified: 2015-01-14
Hi, I'm using VS2010.
I created a web application and I am wondering where is the best place to store the userid and password.  Currently I have it in Web.config in the App setting section.  Well, should I just put it in my C# code?  I mean when I deploy to web server then it's in dll form?  Shouldn't that be better than web.config?  If that server is hacked then they might get to the web.config and read the password.  Thank you for your input.
0
Comment
Question by:lapucca
7 Comments
 
LVL 33

Expert Comment

by:Mike Eghtebas
ID: 40545202
Consider storing it in a control tag property.

or instead consider:

"Set your config files in a directory outside of public webspace , the webserver should be the owner of this directory and it should have permissions set to 700. All files it contains should be 644. This way no one can even read the file contents apart from webserver user or root.

This is a common approach, but there is a lot more to the subject as security is a very vast topic, but is better than 90% of the setups out there."
0
 

Author Comment

by:lapucca
ID: 40545260
Currently the web.config is just under the www folder of the Windows IIS web server.  I don't know what do you mean but web server is the owner.  Web server is a machine and not an account that I'm aware of.  and how to set 700 permission?  I only know if I right click a folder or file then I can click on the Security tab and set different user account to different access permission level.  Appreciate it if you can elaborate.  Thank you.
0
 
LVL 33

Assisted Solution

by:Mike Eghtebas
Mike Eghtebas earned 167 total points
ID: 40545271
lapucca,

I though I have included the link for my quote in the last post. After storing in the tag suggestion, I came across the second solution for you to take a look at:

http://stackoverflow.com/questions/6281930/what-is-the-most-accepted-method-for-hiding-password-for-connect-php-file

There is more suggestion in this link.
0
3 Use Cases for Connected Systems

Our Dev teams are like yours. They’re continually cranking out code for new features/bugs fixes, testing, deploying, testing some more, responding to production monitoring events and more. It’s complex. So, we thought you’d like to see what’s working for us.

 

Author Comment

by:lapucca
ID: 40545318
Thanks but looking at that didn't really explain about permission 700 ....  Should I just leave it in the C# code instead?  Thank you.
0
 
LVL 79

Assisted Solution

by:David Johnson, CD, MVP
David Johnson, CD, MVP earned 166 total points
ID: 40545474
700 and 644 are linux/unix permission settings for windows you need to add system to the read permissions and 1 user with read/write permissions (so it can be changed) and deny i_user read/write permissions.
0
 
LVL 10

Accepted Solution

by:
Walter Padrón earned 167 total points
ID: 40545484
You better go with encryption

Connection Strings and Configuration Files
http://msdn.microsoft.com/en-us/library/ms254494%28v=vs.110%29.aspx

go to section  "Encrypting Configuration File Sections Using Protected Configuration"
0
 

Author Closing Comment

by:lapucca
ID: 40549688
I'm using IIS on Windows server.  Thank you.  I will look into encryption.
0

Featured Post

Master Your Team's Linux and Cloud Stack

Come see why top tech companies like Mailchimp and Media Temple use Linux Academy to build their employee training programs.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A long time ago (May 2011), I have written an article showing you how to create a DLL using Visual Studio 2005 to be hosted in SQL Server 2005. That was valid at that time and it is still valid if you are still using these versions. You can still re…
The article shows the basic steps of integrating an HTML theme template into an ASP.NET MVC project
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
This Micro Tutorial demonstrates using Microsoft Excel pivot tables, how to reverse engineer competitors' marketing strategies through backlinks.

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question