I am not for one minute suggesting you can serve web.config files. you are aware connection strings have been hacked from the web.config? I just do not like the overhead of the members/roles stuff that comes with .NET 2.0. I had a look at membership and found it very slow. [EMAIL PROTECTED]
> Date: Thu, 8 Feb 2007 11:17:58 -0500> From: [EMAIL PROTECTED]> Subject: Re: > [ADVANCED-DOTNET] AOP and security> To: ADVANCED-DOTNET@DISCUSS.DEVELOP.COM> > > What exactly are you worried about? If anyone other than the site > developers can write to web.config, you've got a problem. Only they and the > asp.net process should be able to read from it.> > If internet (or intranet!) > users can access _any_ files on your file system -- vs. having them executed > or "served" (e.g. for images or CSS files), you've got more troubles than I > care to imagine.> > At 05:10 AM 2/8/2007, Paul Cowan wrote> >Hi,> >Acutally > the more I think of it, is this really secure to store these values in the > web.config. Obviously I cannot hit the web.config. We are creating an > internet application and not an intranet application.> >I think the > httpmodule is the way forward.> >Cheers> >> >[EMAIL PROTECTED]> > > J. > Merrill / Analytical Software Corp> > ===================================> > This list is hosted by DevelopMentorĀ® http://www.develop.com> > View archives > and manage your subscription(s) at http://discuss.develop.com =================================== This list is hosted by DevelopMentorĀ® http://www.develop.com View archives and manage your subscription(s) at http://discuss.develop.com
