web.config比数据库更安全吗? [英] Is the web.config more secure than the database?
问题描述
我正在建立一个小型的MVC应用程序,我有一个问题在我的头,听起来像一个总的noob问题,但我必须问。
I'm building a small MVC app and I have a question in my head that sounds like a total noob question, but I have to ask it anyway
我必须存储用户mailserver用户名和密码,我辩论是否应该在我的数据库中创建一个设置表或将信息放在web.config中。
I have to store the users mailserver username and password, and I'm debating whether I should create a settings table in my database or put the info in the web.config.
一个比另一个更安全吗?如果是,哪一个?
Is one more secure than the other? If so, which one?
我知道我可以加密web.config,但我也知道从应用程序修改它会导致应用程序重新启动,所以允许用户配置自己的设置可能会有问题,如果我想写入配置。
I know I can encrypt the web.config, but I also know modifying it from the app causes an app restart, so allowing the user to configure their own settings could be problematic if I want to write to the config.
推荐答案
如果攻击者可以访问您的web.config文件,他很可能也能访问数据库。以明文形式存储凭据,无论位置如何,都是有问题的。
If an attacker can access your web.config file, he is most likely able to access the database as well. Storing credentials in plaintext, regardless of location, is problematic.
这篇关于web.config比数据库更安全吗?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!