K
kbutterly
Good afternoon, all!
Our security standards require all passwords to be changed regularly.
Since there is a password in the web.config file for the connnection
string, the following question has been raised:
Can we store the password in a database table somewhere and have the
web.config pull it in from there?
The thinking is that this will avoid changing production code once it
is in production. The database table data will only be accessible by
the SQL DBAs.
I am pretty new at ASP.NET, and the idea doesn't seem sensible to me,
since we are going to encrypt the web.config file so it's safe, but
this is what the powers-that-be have asked.
I would really appreciate any thoughts on this idea; if it's possible,
feasible or reasonable.
Thanks so much,
Kathryn
Our security standards require all passwords to be changed regularly.
Since there is a password in the web.config file for the connnection
string, the following question has been raised:
Can we store the password in a database table somewhere and have the
web.config pull it in from there?
The thinking is that this will avoid changing production code once it
is in production. The database table data will only be accessible by
the SQL DBAs.
I am pretty new at ASP.NET, and the idea doesn't seem sensible to me,
since we are going to encrypt the web.config file so it's safe, but
this is what the powers-that-be have asked.
I would really appreciate any thoughts on this idea; if it's possible,
feasible or reasonable.
Thanks so much,
Kathryn