I understand that i’m never going to be completely safe … but paypal documentation

Question

0

Asked: May 26, 20262026-05-26T13:41:52+00:00 2026-05-26T13:41:52+00:00

I understand that i’m never going to be completely safe … but paypal documentation

0

I understand that i’m never going to be completely safe … but paypal documentation seems to stress that I should never plain-text store the API credentials in my code (ie, web.config or in some C#).

1) What is a reasonable way to protect it… without going OVERBOARD?
2) If I encrypt the keys in my web.config… where do I store the encryption key… in the database, right? But then… the connection strings to my database are also visible in the web.config… so I don’t understand why this is considered safety…

My website is an ecommerce store and will probably be on Arvixe business shared server.

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-26T13:41:53+00:00

Editorial Team

2026-05-26T13:41:53+00:00Added an answer on May 26, 2026 at 1:41 pm

I would encrypt the Paypal credentials and store this encrypted information in the web.config. Do the decryption in a separate DLL and obfuscate this DLL. You could also protect this DLL with an external protection system but we have had issues in the past where protected libraries don’t always work correctly in shared web environments.

0

Reply
Share
Share

- Report

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

I understand that i’m never going to be completely safe … but paypal documentation

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply