web.config比数据库更安全吗？ [英] Is the web.config more secure than the database?

问题描述

我正在建立一个小型的MVC应用程序，我有一个问题在我的头，听起来像一个总的noob问题，但我必须问。

I'm building a small MVC app and I have a question in my head that sounds like a total noob question, but I have to ask it anyway

我必须存储用户mailserver用户名和密码，我辩论是否应该在我的数据库中创建一个设置表或将信息放在web.config中。

I have to store the users mailserver username and password, and I'm debating whether I should create a settings table in my database or put the info in the web.config.

一个比另一个更安全吗？如果是，哪一个？

Is one more secure than the other? If so, which one?

我知道我可以加密web.config，但我也知道从应用程序修改它会导致应用程序重新启动，所以允许用户配置自己的设置可能会有问题，如果我想写入配置。

I know I can encrypt the web.config, but I also know modifying it from the app causes an app restart, so allowing the user to configure their own settings could be problematic if I want to write to the config.

推荐答案

如果攻击者可以访问您的web.config文件，他很可能也能访问数据库。以明文形式存储凭据，无论位置如何，都是有问题的。

If an attacker can access your web.config file, he is most likely able to access the database as well. Storing credentials in plaintext, regardless of location, is problematic.

这篇关于web.config比数据库更安全吗？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！