{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://www.manongdao.com/data/attach/logo/logo.png', '推荐 走好不送 的问题《Secure methods of storing keys, passwords for asp.》','https://www.manongdao.com/q-840790.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}
What is the best practice for storing keys, and or passwords for a website. These keys are for various 3rd party web services. Is it best to have them in the Web.config file, or in the database, or encrypted somehow?
相关问题
- “Zero out” sensitive String data in Swift
- High cost encryption but less cost decryption
- How to restrict VOB read access in ClearCase (Wind
- Is it appropriate to secure/hide Swagger/OpenAPI S
- java 11 HttpClient leads to endless SSL loop even
相关文章
- Warning : HTML 1300 Navigation occured?
- Security concerns about CORS
- How do I prevent SQL injection with ColdFusion
- LINQ to Entities and SQL Injection
- How to use Google application-specific password in
- Will re-populating a password field in a form be a
- AWS - Configuring access to EC2 instance from Bean
- Shiro complaining “There is no session with id xxx
You can store the encrypted values in the .config file, and ASP.NET 2.0 will decrypt them on the fly.
Your configuration would look something like:
and then you run the following from a command line, in the same directory as your config file:
From K. Scott Allen:
http://odetocode.com/Blogs/scott/archive/2006/01/08/2707.aspx
Depends on how often the values change. If they will never change then I would keep them in your source code.
I would stay away from storing data that changes in the Web.Config because changing it forces a restart of the App pool.
My vote would be to store them, encrypted, in the database and provide an easy way for the values to be changed (e.g. store values in the cache and refresh them when they are altered by a user).
Assuming your database isn't accessible from the outside world or that you have it properly locked down that would be the preferred way to store the keys. This allows all of your applications to pull from the same store of keys/passwords making changes very quick and easy.