|
.net
newsgroups
|
|||||||||||||||||||||||
|
|||||||||||||||||||||||
About web.config fileThe web.config file is a pure XML file. Would people who visits my website
built on ASP.NET 2.0 be able to access my web.config file? i.e. can they do http://mywebsite/web.config ? I'm thinking of storing the DSN info in there and I definitely don't want people to see my connection string. "Bob" <spamfree@nospam.com> wrote in message What happened when you tried this for yourself...?news:OcXrG9P8FHA.3544@TK2MSFTNGP09.phx.gbl... > The web.config file is a pure XML file. Would people who visits my > website > built on ASP.NET 2.0 be able to access my web.config file? i.e. can they > do > http://mywebsite/web.config ? > I'm thinking of storing the DSN info in there and I definitely don't want Why don't you use encryption?> people to see my connection string. No, the .config file is mapped to ASPX inside IIS, and within asp.net, it's
mapped to the ForbiddenHandler so it goes request for .config iis --> asp.net asp.net --> forbidden access I hate to point out the obvious, but why not just try it out? :) Karl Show quoteHide quote "Bob" <spamfree@nospam.com> wrote in message news:OcXrG9P8FHA.3544@TK2MSFTNGP09.phx.gbl... > The web.config file is a pure XML file. Would people who visits my > website > built on ASP.NET 2.0 be able to access my web.config file? i.e. can they > do > http://mywebsite/web.config ? > > I'm thinking of storing the DSN info in there and I definitely don't want > people to see my connection string. > > Ehr Karl,
that's what I said... and the .config file is not mapped to ASPX. It is mapped to the ASP.NET isapi dll which kick starts it all. Oh well.. Excellent. Thanks, guys.
In other words, I can create my own custom .config file (i.e. myusers.config) and rely on IIS to protect it from prying eyes for me? Show quoteHide quote "Karl Seguin" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME net> wrote in message news:%23XLmFMQ8FHA.132@TK2MSFTNGP15.phx.gbl... > No, the .config file is mapped to ASPX inside IIS, and within asp.net, it's > mapped to the ForbiddenHandler > > so it goes > > request for .config > iis --> asp.net > asp.net --> forbidden access > > > I hate to point out the obvious, but why not just try it out? :) > > Karl > > -- > MY ASP.Net tutorials > http://www.openmymind.net/ > > > "Bob" <spamfree@nospam.com> wrote in message > news:OcXrG9P8FHA.3544@TK2MSFTNGP09.phx.gbl... > > The web.config file is a pure XML file. Would people who visits my > > website > > built on ASP.NET 2.0 be able to access my web.config file? i.e. can they > > do > > http://mywebsite/web.config ? > > > > I'm thinking of storing the DSN info in there and I definitely don't want > > people to see my connection string. > > > > > > yes
Show quoteHide quote "Bob" <spamfree@nospam.com> wrote in message news:uBoOvtc8FHA.2364@TK2MSFTNGP12.phx.gbl... > Excellent. Thanks, guys. > > In other words, I can create my own custom .config file (i.e. > myusers.config) and rely on IIS to protect it from prying eyes for me? > > > "Karl Seguin" <karl REMOVE @ REMOVE openmymind REMOVEMETOO . ANDME net> > wrote in message news:%23XLmFMQ8FHA.132@TK2MSFTNGP15.phx.gbl... >> No, the .config file is mapped to ASPX inside IIS, and within asp.net, > it's >> mapped to the ForbiddenHandler >> >> so it goes >> >> request for .config >> iis --> asp.net >> asp.net --> forbidden access >> >> >> I hate to point out the obvious, but why not just try it out? :) >> >> Karl >> >> -- >> MY ASP.Net tutorials >> http://www.openmymind.net/ >> >> >> "Bob" <spamfree@nospam.com> wrote in message >> news:OcXrG9P8FHA.3544@TK2MSFTNGP09.phx.gbl... >> > The web.config file is a pure XML file. Would people who visits my >> > website >> > built on ASP.NET 2.0 be able to access my web.config file? i.e. can > they >> > do >> > http://mywebsite/web.config ? >> > >> > I'm thinking of storing the DSN info in there and I definitely don't > want >> > people to see my connection string. >> > >> > >> >> > > Hi Bob,
no, you can't request a web.config file. The ASP.NET framework has attached a page handler to this file which serves a HTTP-Forbidden to the client. You can encrypt your config file if you don't want people to be able to read it. Grtz, Wouter Trainer - Info Support www.dive-in-it.nl  
Other interesting topics
Using Components in ASP.NET (C#)
The system cannot find the file specified. (Exception from HRESULT: 0x80070002) XHTML 1.0 Event 1089 Retreive images stored in Access database Can we search keywords in a word document? MS Forms 2.0 Combo box control .ascx file as index page? Problem with aspnet_wp.exe How to initiate a postback in a function? |
|||||||||||||||||||||||
