[
https://issues.apache.org/jira/browse/STONEHENGE-15?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12775116#action_12775116
]
Pablo Mariano Cibraro commented on STONEHENGE-15:
-------------------------------------------------
Any configuration in an App.config file can be encrypted. The bad practice here
is that we are storing the connection strings in the wrong configuration
section, they should be stored in the ConnectionString section , and we are now
using AppSettings. So, only the connection strings are encrypted, and not all
the application settings.
> Protect connection strings in Business Services and Order Processor solutions
> -----------------------------------------------------------------------------
>
> Key: STONEHENGE-15
> URL: https://issues.apache.org/jira/browse/STONEHENGE-15
> Project: Stonehenge
> Issue Type: Improvement
> Components: DOTNET_BS, DOTNET_OPS
> Environment: .NET trunk
> Reporter: Scott Golightly
> Assignee: Scott Golightly
> Priority: Minor
> Fix For: M2
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> The database connection strings are listed in plain text in the configuration
> files. .NET provides the means to encrypt the connection strings and
> automatically decrypt the values before using it. Encrypting the connection
> string is a best practice to protect the database login information.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
