Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP .Net Security > Best practice

Reply
Thread Tools

Best practice

 
 
7777
Guest
Posts: n/a
 
      09-02-2009
Sorry am under time constraint. What is the best practice in placing
asp.net published app files on the webserver, like in it's wwwroot or above
it and should the web.config or all pertaining files be encrypted as in will
these be secure from any web user from getting to it? Thanks in advance.


 
Reply With Quote
 
 
 
 
Alexey Smirnov
Guest
Posts: n/a
 
      09-04-2009
On Sep 2, 8:17*pm, "7777" <(E-Mail Removed)> wrote:
> Sorry am under time constraint. *What is the best practice in placing
> asp.net published app files on the webserver, like in it's wwwroot or above
> it and should the web.config or all pertaining files be encrypted as in will
> these be secure from any web user from getting to it? *Thanks in advance.


The web.config is not accessible via a browser. The dotnet framework
protected this file, if you will try to open it, you will get "This
type of page is not served". If you want to protect sensitive
information, like connection strings, from other users who has access
to the server you can encrypt by using aspnet_regiis tool. An
application can stay in wwwroot, I don't see any problem with this
directory.
 
Reply With Quote
 
 
 
 
7777
Guest
Posts: n/a
 
      09-04-2009
Thanks a bunch Alexey, much appreciated. Will look into it. Cheers


"Alexey Smirnov" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
On Sep 2, 8:17 pm, "7777" <(E-Mail Removed)> wrote:
> Sorry am under time constraint. What is the best practice in placing
> asp.net published app files on the webserver, like in it's wwwroot or
> above
> it and should the web.config or all pertaining files be encrypted as in
> will
> these be secure from any web user from getting to it? Thanks in advance.


The web.config is not accessible via a browser. The dotnet framework
protected this file, if you will try to open it, you will get "This
type of page is not served". If you want to protect sensitive
information, like connection strings, from other users who has access
to the server you can encrypt by using aspnet_regiis tool. An
application can stay in wwwroot, I don't see any problem with this
directory.


 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
hidden data - best practice, best way, suggestions oldyork90 Javascript 1 09-10-2008 07:46 PM
Remember when your piano teacher taught you, "Practice, practice,practice ...?" Wayne Wastier Windows 64bit 3 06-10-2005 08:29 PM
Best security practice emmiller@cortdirections.com Cisco 2 03-24-2005 05:11 PM
What do you consider the BEST Practice Tests for A+ Exam? =?Utf-8?B?U2FnYUJvaTE3?= Microsoft Certification 0 01-17-2005 01:13 PM
Less than 20-site VPN Best Practice? Ram Rajadhyaksha Cisco 2 06-30-2004 11:10 PM



Advertisments