Is the web.config more secure than the database?


I'm building a small MVC app and I have a question in my head that sounds like a total noob question, but I have to ask it anyway

I have to store the users mailserver username and password, and I'm debating whether I should create a settings table in my database or put the info in the web.config.

Is one more secure than the other? If so, which one?

I know I can encrypt the web.config, but I also know modifying it from the app causes an app restart, so allowing the user to configure their own settings could be problematic if I want to write to the config.


If an attacker can access your web.config file, he is most likely able to access the database as well. Storing credentials in plaintext, regardless of location, is problematic.


  • How to get live notification updates from mysql using websockets?
  • Bulk mailing using SMTP server in ASP.Net
  • apache2 virtualhost configuration with two subdirectories
  • Is it expensive to create the Thread object or to actually start the thread?
  • How to get Eclipse Oxygen to run on Java 9
  • MongoError: Incorrect arguments
  • MailKit: The IMAP server replied to the 'EXAMINE' command with a 'BAD' response
  • Django rest serializer Breaks when data exists
  • Java Scanner input dilemma. Automatically inputs without allowing user to type
  • Adding a button at the bottom of a table view
  • C# - Is there a limit to the size of an httpWebRequest stream?
  • Read text file and split every line in MSBuild
  • req.body is undefined - nodejs
  • How to make a tree having multiple type of nodes and each node can have multiple child nodes in java
  • Counter field in MS Access, how to generate?
  • Get object from AWS S3 as a stream
  • Java applet as stand-alone Windows application?
  • How to redirect a user to a different server and include HTTP basic authentication credentials?
  • How to extract text from Word files using C#?
  • How to check if every primary key value is being referenced as foreign key in another table
  • Sending data from AppleScript to FileMaker records
  • MySQL WHERE-condition in procedure ignored
  • Cassandra Data Model
  • Weird JavaScript statement, what does it mean?
  • Adding custom controls to a full screen movie
  • Do I've to free mysql result after storing it?
  • XCode can't find symbols for a specific iOS library/framework project
  • Unanticipated behavior
  • Comma separated Values
  • using conditional logic : check if record exists; if it does, update it, if not, create it
  • SQL merge duplicate rows and join values that are different
  • Codeigniter doesn't let me update entry, because some fields must be unique
  • Error creating VM instance in Google Compute Engine
  • Getting error when using KSoap library to consume .NET web services
  • Hits per day in Google Big Query
  • Trying to get generic when generic is not available
  • how does django model after text[] in postgresql [duplicate]
  • Authorize attributes not working in MVC 4
  • How to get NHibernate ISession to cache entity not retrieved by primary key
  • UserPrincipal.Current returns apppool on IIS