将db密码注入默认EF连接字符串的最佳位置是什么 [英] What is the best place to inject the db password to the default EF connection string

问题描述

实体数据模型向导说：

此连接字符串似乎包含连接到数据库所需的敏感数据（例如密码）。在连接字符串中存储敏感数据可能会带来安全风险。您想在连接字符串中包含此敏感数据吗？

This connection string appears to contain sensitive data (for example, a password) that is required to connect to the database. Storing sensitive data in the connection string can be a security risk. Do you want to include this sensitive data in the connection string?

我选择了否，并且在Web.config中找到了以下生成的新连接字符串：

I have selected No, and I found the following generated new connection string in my Web.config:

 <add name="eMarket_DBEntities" connectionString="metadata=res://*/App_Code.EFModel.csdl|res://*/App_Code.EFModel.ssdl|res://*/App_Code.EFModel.msl;provider=System.Data.SqlClient;provider connection string=&quot;data source=.\sqlexpress;initial catalog=eMarket_DB;user id=sa;multipleactiveresultsets=True;application name=EntityFramework&quot;" providerName="System.Data.EntityClient;" />

也在Web.config中：

Also in Web.config:

  <entityFramework>
<defaultConnectionFactory type="System.Data.Entity.Infrastructure.SqlConnectionFactory, EntityFramework" />

最好的方式和位置

How and where is the best place to pass the password in one time to be default for EF?

推荐答案

有两种方法可以在Web中不包含密码。

There are two ways to not include password in Web.Config.

1. 在IIS的主机设置中输入密码。 IIS会为每个主机保留一个主机配置，并且在web.config之前应用此主机配置中的所有设置。唯一的问题是，只有管理员可以通过IIS管理控制台对其进行修改。

1. Put password in IIS's host settings. IIS keeps one more host config per host, and all settings in this host config is applied before web.config. The only problem is, only administrator can modify it through IIS Management Console.

密码更少的连接字符串将使用应用程序池标识用户进行登录。您可以创建Windows用户并将其设置为应用程序池标识。并授予对您的网站内容文件夹的读取权限。并将此用户添加到SQL数据库中，并使该用户成为数据库所有者。这是托管站点的最安全方式，因为每个应用程序池都在隔离和运行中运行。每个应用可以分配更多权限。唯一的问题是，任务管理器不再显示工作进程的站点名称。

Password Less connection string will use Application Pool Identity user to Login. You can create a windows user and set it as Application Pool Identity. And give read access to your site content folder as well. And add this User in SQL database and make this user db-owner. This is most safe way to host sites as each Application Pool runs in Isolation & more rights can be given per app. The only problem is, Task manager no longer display site name for worker process.

在共享主机中，任何有权访问的人控制台的所有内容都可以访问，您几乎无法保护它，但这就是我们的工作方式。

In Shared Hosting, anyone with access of control panel probably has access to everything, there is little you can do to secure it, but this is how we do it.

1. 我们为开发人员创建单独的FTP登录名以上传代码。


2. 管理员设置配置文件，开发人员从不上传web.config。如果上传错误，管理员将登录到某些控制台或ftp并修改web.config


3. 开发人员不应被授予对共享主机控制面板的管理员访问权限。设置网站以及上载代码和编辑web.config必须由管理员完成。


4. Windows Azure网站允许您在管理控制面板中修改web.config。
>

1. We create separate FTP login for developers to upload code.
2. Administrator sets up the config file and developers do not upload web.config ever. By mistake if they upload, admin will login to some console or ftp and modify web.config
3. Developers should not be given admin access to shared hosting control panel. Setting up website along with uploading of code and editing web.config must be done by the admin.
4. Windows Azure web sites does let you modify web.config in admin control panel.

这篇关于将db密码注入默认EF连接字符串的最佳位置是什么的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！