October 2010
Intermediate to advanced
1920 pages
73h 55m
English
Content preview from ASP.NET 4 UnleashedBecome an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
Start your free trial
Storing Connection Strings in the Web Configuration File
Storing connection strings in your pages is a bad idea for three reasons. First, it is not a good practice from the perspective of security. In theory, no one should ever view the source code of your ASP.NET pages. In practice, however, hackers have discovered security flaws in ASP.NET Framework. To sleep better at night, you should store your connection strings in a separate file.
Also, adding a connection string to every page makes it difficult to manage a website. If you ever need to change your password, you need to change every page that contains it. If, on the other hand, you store the connection string in one file, you can update the password by modifying the single file.
Finally, ...