AttachDBFile and how safe is plain username/password in web.config?


jagsdesh
11-09-2007, 05:58 AM
I have already got the add-on for SQL Server 2005 and am able to connect using my SQL Server management server to the DB on the DASP server.

When I use a username/password in the connection string, I am able to connect to the DB and my application works.

How safe is a username/password in web.config on your ASP.NET server?

I normally work on custom applications on a local system and don't know what encrypt/decrypt procedures to use that are compatible with your servers.

I think I should post it on asp.net and not on database.


Thanks

bruce
11-09-2007, 08:01 AM
It is 'relatively' safe.


1) Internet users cannot download the web.config file directly using their browser. This is blocked at the IIS level.


2) Other users on the server should not have permission to your web.config file.


If you are really concerned about security, I recommend you encrypt the connection information in the web.config file. This is a rather complex process though. See
http://kb.discountasp.net/article.aspx?id=10478

Bruce

DiscountASP.NET
www.DiscountASP.NET (http://www.DiscountASP.NET)
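
One way to do the encryption recommended in the reply above, shown as an added example (not code from the linked KB article or from DiscountASP.NET): the .NET 2.0 protected configuration API encrypts the `<connectionStrings>` section in place from inside the application. It assumes the application identity may write to web.config and that the built-in `DataProtectionConfigurationProvider` is usable on the host; the class name `ConnectionStringProtector` is hypothetical.

```csharp
using System.Configuration;
using System.Web.Configuration;

// Added example. Call once, e.g. from a temporary admin page, then remove the caller.
public static class ConnectionStringProtector
{
    // Built-in DPAPI provider registered in machine.config (assumed available on the host).
    // Its ciphertext can only be decrypted on the server that produced it.
    private const string Provider = "DataProtectionConfigurationProvider";

    // Encrypts <connectionStrings> in the web.config at appVirtualPath ("~" for the site root).
    // Returns true if the section is encrypted when the method exits.
    public static bool Protect(string appVirtualPath)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(appVirtualPath);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section == null)
            throw new ConfigurationErrorsException("No <connectionStrings> section found.");

        SectionInformation info = section.SectionInformation;
        if (info.IsProtected) return true;   // already encrypted, nothing to do
        if (info.IsLocked) return false;     // locked by a parent config, cannot be changed here

        info.ProtectSection(Provider);
        info.ForceSave = true;               // write the section even if its values are unchanged
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    // Reverses Protect, e.g. before moving the site to another server.
    public static void Unprotect(string appVirtualPath)
    {
        Configuration config = WebConfigurationManager.OpenWebConfiguration(appVirtualPath);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section != null && section.SectionInformation.IsProtected)
        {
            section.SectionInformation.UnprotectSection();
            section.SectionInformation.ForceSave = true;
            config.Save(ConfigurationSaveMode.Modified);
        }
    }
}
```

Code that reads `ConfigurationManager.ConnectionStrings[...]` needs no change, because ASP.NET decrypts the section transparently at run time. Anyone who can run code under the application's identity on that server can still read the decrypted value, so the file permissions described in the reply remain necessary.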

jagsdesh
11-09-2007, 09:35 AM
I attached a SQL Server Express database and I am able to connect to it using SQL Server Management Studio.

My connection string in VS 2005 was

<add name="LocalSqlServer" connectionString="Data Source=COMPUTERNAME\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|DBFILENAME.mdf"/>

On DiscountASP.NET, can we only use it with a username/password, or can we also use it with AttachDBFileName?
If we use a username/password in plain text, how safe is it? Do we need to encrypt?


What do you normally suggest to your clients?


My DB is in the app_data folder of my website.


Thanks in advance

raymondp
11-09-2007, 10:20 AM
Because of SQL Express's poor security and performance issues, we do not support SQL Express in our hosting environment. If you have not already done so, you will need to get the SQL 2005 add-on for your account.

rcp
DiscountASP.NET
www.DiscountASP.NET (http://www.DiscountASP.NET)