Server-side application configuration security. Best practices

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Posted by Andrew Florko on Stack Overflow See other posts from Stack Overflow or by Andrew Florko
Published on 2011-01-13T09:40:42Z Indexed on 2011/01/13 13:53 UTC
Read the original article Hit count: 239

Filed under:
|
|

We publish server-side application to our customer workstation and customer's security guys are concerned about configuration connection strings safety.

Connection strings are stored as plain text right now, but as configuration file is not in the public/shared folder we supposed that workstation security itself is enough.

What are the ways to improve connection strings security further?

It is a big step forward to encrypt password and keep a decryption key on the same workstation? What are the steps we can take to keep connection strings (and alike) information more and more securable?

Thank you in advance!

© Stack Overflow or respective owner

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Related posts about .NET

Related posts about security

Categories cloud

.NET ASP.NET iphone linux python Windows mysql android sql windows-7 html c ruby-on-rails css objective-c ubuntu networking sql-server wpf asp.net-mvc ruby database Xml apache AJAX osx security regex django Performance 12.04 windows-xp mac web-development iphone-sdk vb.net Silverlight apache2 flash server perl best-practices email installation eclipse visual-studio algorithm windows-server-2008 winforms wcf firefox bash dns /Oracle