Where to store important variables?

Question

Where to store important variables?

This is my first experience on a secure website. This is for my favorite project.

For security reasons, where is it better to store information such as SQL connection strings, database encryption keys, etc.? Is it better to use web.config, store them in a class that accesses a database (e.g. dataBaseHelper.cs or something else) or somewhere else?

I also intend to get an SSL certificate. When communicating with the database, should I always use a secure connection?

+8

c # .net asp.net

julio9 Apr 6 '11 at 2:22

source share

3 answers

Check the "Encrypt configuration file partitions" section on MSDN.

+10

Sanjeevakumar hiremath Apr 6 '11 at 2:27

source share

Depending on the application, it is usually recommended to use KMS to store encryption keys. If KMS is unavailable due to budget constraints or something else, key containers are the next best option. After your key is protected, you can store the variables either in the encrypted sections of the configuration file, as suggested, or as encrypted byte arrays in the assembly itself.

+1

lukiffer Apr 6 '11 at 4:00

source share

julio9 · Accepted Answer · 2011-04-08T00:08:00+0000

I found an article that will help solve the problem of whether it can be done on the server on which my site is hosted. Just googled based on the answers you guys gave above. Worked very well.

http://sharpertutorials.com/webconfig-encryption/

Thanks for the help and guidance.

Where to store important variables?

More articles: