What exactly are you worried about?  If anyone other than the site developers 
can write to web.config, you've got a problem.  Only they and the asp.net 
process should be able to read from it.

If internet (or intranet!) users can access _any_ files on your file system -- 
vs. having them executed or "served" (e.g. for images or CSS files), you've got 
more troubles than I care to imagine.

At 05:10 AM 2/8/2007, Paul Cowan wrote
>Hi,
>Actually the more I think of it, is this really secure to store these values 
>in the web.config?  Obviously I cannot hit the web.config.  We are creating an 
>internet application and not an intranet application.
>I think the httpmodule is the way forward.
>Cheers
>


J. Merrill / Analytical Software Corp

===================================
This list is hosted by DevelopMentor®  http://www.develop.com

View archives and manage your subscription(s) at http://discuss.develop.com