My ASP.NET web application is reading and decrypting the password from an XML file in the App_start event of Global.asax. But where should I store this password afterwards? Would it be enough to just store it in a static public variable, or rather in the application object?
EDIT: It's a database password.
If you’re that worried about it, use a SecureString in the Application object. However, I feel compelled to warn you that encrypted passwords in config files are a maintenance nightmare. You should really reconsider storing it in plain text in the web.config and simply denying access to the web.config file for all but sysadmins and the ASP.NET worker process user (probably NETWORK SERVICE).
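
A sketch of the SecureString-in-Application approach suggested above, added here as an illustration and not part of the original answer. `ReadAndDecryptPassword`, the login name `app_user` and the server and database names are hypothetical placeholders; `SqlCredential` assumes .NET Framework 4.5 or later and SQL Server authentication.

```csharp
using System;
using System.Data.SqlClient;
using System.Security;
using System.Web;

public class Global : HttpApplication
{
    // Hypothetical stand-in for the application's own XML read + decrypt routine.
    // Returning char[] rather than string lets the caller wipe the plaintext.
    private static char[] ReadAndDecryptPassword()
    {
        return "constructed-sample-password".ToCharArray(); // constructed sample value
    }

    protected void Application_Start(object sender, EventArgs e)
    {
        char[] plain = ReadAndDecryptPassword();
        var secure = new SecureString();
        try
        {
            foreach (char c in plain)
                secure.AppendChar(c);
            secure.MakeReadOnly(); // SqlCredential rejects a writable SecureString
        }
        finally
        {
            Array.Clear(plain, 0, plain.Length); // zero the plaintext copy
        }
        Application["DbPassword"] = secure; // one instance shared by all requests
    }

    // Opens a connection without converting the password back into a string.
    public static SqlConnection OpenConnection(HttpApplicationState app)
    {
        var password = (SecureString)app["DbPassword"];
        var credential = new SqlCredential("app_user", password); // assumed login name

        // With a SqlCredential, the connection string must not contain
        // User ID, Password or Integrated Security=true.
        var conn = new SqlConnection(
            "Data Source=dbhost;Initial Catalog=appdb", credential); // assumed names
        conn.Open();
        return conn;
    }
}
```

The protection only holds if the decrypt routine never materialises the password as a `string`, since a managed string cannot be wiped and stays in memory until it is garbage collected.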