Last post Oct 25, 2019 10:59 AM by PatriceSc
Jan 19, 2017 05:43 PM|tadbirgaran|LINK
What is the most secure
method for encrypting connection string?
Is the connection string must be
stored on the web.config?
Jan 19, 2017 06:20 PM|Dmitry Sikorsky|LINK
This is good idea to store you connection strings in the appsettings.json, because if anybody has access to your application's folder this is not very important if he also can see the connection string. If you host your application in Azure you can also
use azure app settings storage:
Jan 19, 2017 06:26 PM|maherjendoubi|LINK
Sometimes, connection string contains sensitive information that needs to be protected.
I suggest you use dotnet core secret manager : http://www.fiyazhasan.me/dont-share-your-secrets-asp-net-core-secret-manager-tool/
Oct 25, 2019 10:37 AM|Agilitis|LINK
I think this is actually a very bad advice. Just because an adversary has access to something he or she shouldn't have it doesn't mean that you shouldn't at least try to minimize the effect of the intrusion.
Never ever commit to a repository any production secret such as connection strings with passwords in it. I would suggest using Key Vault, or environmental variables.
Oct 25, 2019 10:59 AM|PatriceSc|LINK
Or another approach is to use Windows authentication so that the connection string doesn't contain any user/password information (it will use the account configured at the IIS level)...