Sign Up to our social questions and Answers Engine to ask questions, answer people’s questions, and connect with other people.
Login to our social questions & Answers Engine to ask questions answer people’s questions & connect with other people.
Lost your password? Please enter your email address. You will receive a link and will create a new password via email.
Please briefly explain why you feel this question should be reported.
Please briefly explain why you feel this answer should be reported.
Please briefly explain why you feel this user should be reported.
I seen some asp.net developers encrypt ConnectionStrings that was included in separate config file.
Why they did that ? I know that config files are unreadable from the client side/browser! Is it possible to access to this kind of files ?
You can’t rule out that the web box is compromised.
Also, you don’t want the web admins to know passwords to databases.
You need to remember that config files cannot be obtained by the browser just because
.configextension is in the list of restrictions in IIS metadata. It may be possible to get them from the server in other way or some misconfiguration problem may allow them to be downloaded.