在Web应用程序中存储数据库凭据的位置？ [英] Where to store database credentials in a web app?

问题描述

我想知道您使用什么技术来存储应用程序的数据库凭据。我特别关注java webapps，但我不认为有任何需要限制的问题。

I'm wondering what techniques you use to store the database credentials for your application. I'm specifically concerned with java webapps, but I don't think there's any need to limit the questions to that.

要考虑的事项：

是否使用属性文件，xml配置和其他？

它是捆绑到您的应用程序（即在jar文件中）或单独存储在文件系统上的某处？

是否加密了密码？如果是，你使用什么加密方案？

things to consider:
Do you use property files,xml configs, other?
Is it bundled into your application(ie in a jar file) or stored seperately on the file system somewhere?
Is the password encrypted? If so, what encryption scheme do you use?

推荐答案

由于您将问题留给平台，我将添加.NET应用程序的数据库凭据存储在web.config文件。从版本2.0及以上，有一个特定的ConnectionStrings部分，允许更容易编程访问连接字符串。

Since you're leaving the question open to platform, I'll add that database credentials for .NET apps are stored in the web.config file. From version 2.0 and above, there is a specific ConnectionStrings section that allows for easier programmatic access to the connection string.

除了让IIS自动阻止对网络的直接请求.config文件，您也可以使用IIS命令加密web.config文件的ConnectionString部分。这种加密是机器特有的，增加了它的优势，.NET运行时还会在访问它时即时解密连接字符串，因此您的应用程序不需要额外的编码来处理它。

In addition to having IIS automatically block direct requests to the web.config file by default, you can also use an IIS command to encrypt the ConnectionString section of the web.config file. This encryption is machine specific, adding to its strengths, and the .NET runtime will also decrypt the connection string on the fly when you access it, so there is no need for additional coding in your application to work with it.

这篇关于在Web应用程序中存储数据库凭据的位置？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！