I built a small website and there will be only one admin, so in the admin panel I am asking for a password with a value that I do not retrieve from a database; I just hard-coded it in the function in the code-behind. I know this is wrong, though I don’t know why.
So is hard-coding it in web.config the right thing to do? And how?
As far as it being wrong… the problem is that if you ever need to change it, and it’s hard-coded in your code-behind, you need to recompile, republish, and re-deploy your website, whereas a change to the web.config can be done without doing this.
You could put it in an AppSetting in the web.config like so.
and use this code to retrieve it
Though I’d have a look at this.
https://web.archive.org/web/20211029043331/https://aspnet.4guysfromrolla.com/articles/021506-1.aspx
It covers encrypting sections of your web.config.
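
An added example, not code from the original answer: one way to keep the admin credential in `appSettings` and check it from the code-behind. It goes a step beyond the answer by storing a salted PBKDF2 hash instead of the password itself, so reading web.config does not reveal the password. The key names, class name and iteration count are assumptions, and the two placeholder values must be replaced with the output of `CreateSettings`.

```csharp
using System;
using System.Configuration;          // requires a reference to System.Configuration
using System.Security.Cryptography;

// web.config entries this class expects (key names are assumptions of this example):
//   <appSettings>
//     <add key="AdminPasswordSalt" value="BASE64-SALT-PLACEHOLDER" />
//     <add key="AdminPasswordHash" value="BASE64-HASH-PLACEHOLDER" />
//   </appSettings>
public static class AdminPassword
{
    private const int Iterations = 100000;   // PBKDF2 work factor (assumed value)
    private const int HashBytes = 32;
    // Run once, offline, to produce the two values to paste into web.config.
    public static void CreateSettings(string password, out string salt, out string hash)
    {
        byte[] saltBytes = new byte[16];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(saltBytes);
        salt = Convert.ToBase64String(saltBytes);
        hash = Convert.ToBase64String(Derive(password, saltBytes));
    }

    // Called from the admin login handler with the submitted password.
    public static bool Verify(string submitted)
    {
        string salt = ConfigurationManager.AppSettings["AdminPasswordSalt"];
        string hash = ConfigurationManager.AppSettings["AdminPasswordHash"];
        if (string.IsNullOrEmpty(submitted) || salt == null || hash == null)
            return false;                    // missing settings fail closed
        byte[] expected = Convert.FromBase64String(hash);
        byte[] actual = Derive(submitted, Convert.FromBase64String(salt));
        return FixedTimeEquals(expected, actual);
    }

    private static byte[] Derive(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations))
            return kdf.GetBytes(HashBytes);
    }

    private static bool FixedTimeEquals(byte[] a, byte[] b)   // no early exit on mismatch
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++)
            diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Because the values live in web.config, rotating the password means pasting a new salt and hash, with no recompile, and the `appSettings` section can still be encrypted as the linked article describes.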