77235

Is the web.config more secure than the database?

Question:

I'm building a small MVC app and I have a question in my head that sounds like a total noob question, but I have to ask it anyway

I have to store the users mailserver username and password, and I'm debating whether I should create a settings table in my database or put the info in the web.config.

Is one more secure than the other? If so, which one?

I know I can encrypt the web.config, but I also know modifying it from the app causes an app restart, so allowing the user to configure their own settings could be problematic if I want to write to the config.

Answer1:

If an attacker can access your web.config file, he is most likely able to access the database as well. Storing credentials in plaintext, regardless of location, is problematic.

Recommend

  • How to get live notification updates from mysql using websockets?
  • Bulk mailing using SMTP server in ASP.Net
  • apache2 virtualhost configuration with two subdirectories
  • Is it expensive to create the Thread object or to actually start the thread?
  • How to get Eclipse Oxygen to run on Java 9
  • MongoError: Incorrect arguments
  • MailKit: The IMAP server replied to the 'EXAMINE' command with a 'BAD' response
  • Django rest serializer Breaks when data exists
  • Java Scanner input dilemma. Automatically inputs without allowing user to type
  • Adding a button at the bottom of a table view
  • C# - Is there a limit to the size of an httpWebRequest stream?
  • Read text file and split every line in MSBuild
  • req.body is undefined - nodejs
  • How to make a tree having multiple type of nodes and each node can have multiple child nodes in java
  • Counter field in MS Access, how to generate?
  • Get object from AWS S3 as a stream
  • Java applet as stand-alone Windows application?
  • How to redirect a user to a different server and include HTTP basic authentication credentials?
  • How to extract text from Word files using C#?
  • How to check if every primary key value is being referenced as foreign key in another table
  • Sending data from AppleScript to FileMaker records
  • MySQL WHERE-condition in procedure ignored
  • Cassandra Data Model
  • Weird JavaScript statement, what does it mean?
  • Adding custom controls to a full screen movie
  • Do I've to free mysql result after storing it?
  • XCode can't find symbols for a specific iOS library/framework project
  • Unanticipated behavior
  • Comma separated Values
  • using conditional logic : check if record exists; if it does, update it, if not, create it
  • SQL merge duplicate rows and join values that are different
  • Codeigniter doesn't let me update entry, because some fields must be unique
  • Error creating VM instance in Google Compute Engine
  • Getting error when using KSoap library to consume .NET web services
  • Hits per day in Google Big Query
  • Trying to get generic when generic is not available
  • how does django model after text[] in postgresql [duplicate]
  • Authorize attributes not working in MVC 4
  • How to get NHibernate ISession to cache entity not retrieved by primary key
  • UserPrincipal.Current returns apppool on IIS