To anyone on this discussion thread,

Are there any issues with illegal characters in the .config file?  In 
other words, if you have double-quotes in the connection string (ones 
built by the .NET IDE have quotes in them) or encrypted strings might 
have odd characters in them.  Is this an issue taht anyone has 
encountered?

R

> We usually have a Windows Exe which we hand it to the administrator of 
the
web site. The Administrator uses the EXE to encrypt the Connection String.
He then pastes the string in the place holder where we tell him to do so.
And on Application Start event we decrypt it once and store it in an
Application Variable.

 

-----Original Message-----
From: Imar Spaanjaars [mailto:Imar@S...] 
Sent: Thursday, September 05, 2002 12:06 PM
To: ASPX_Professional
Subject: [aspx_professional] RE: where to put your database connection str
ing

Yes, you're correct. Hadn't thought about that too much.

Thing is, we usually use application security on top of Windows security. 
Means that the app knows who is allowed to do what and what not. We're 
not 
using NTFS permissions that much since most of our apps consist of 
dynamic 
ASP(X) pages with content from the database.

I agree that when using files or other resources this could be a problem, 
although you could create a different application (config file that is) 
to 
override certain behavior for certain files.


Imar






At 10:37 AM 9/5/2002 -0500, you wrote:
>Yeah impersonation works but then you lose the ability to maintain other
>resource restrictions for users (such as file system access).  For 
instance
>if you have secure documents that only certain people have access to
>according to their NT login then those permission settings would be
>invalidated when accessing those document stores via the intranet since
your
>impersonating as a common user.  Trusted connections are OK but I find 
the
>flexibility of sql users to be much more accommodating.  It really 
depends
>on what all your doing.
>