1

i have a winforms app, the solution has two projects client (winforms) and the business logic(as Library classes). When i create a datset.xsd file in the client, it adds app.config file to the client. but why it adds it in the client?

App.config which contains the connection string should belong in the business logic (in the Library classes) because the business logic layer is the layer that accesses the database. To my understanding the the connection string part of the app.config should be encrypted. But why this app.config is placed in the client where the security risk is high, why typically developers do not place it in the business layer?

Phill Greggan
  • 2,234
  • 3
  • 20
  • 33
  • 1
    It sounds like there is some confusion here about the logical vs physical components of software. If the business layer is _physically_ separate (in its own process) then it would have its own `app.config` file. – Davin Tryon Aug 17 '14 at 03:48
  • in the case where the business layer is installed in the same machine where the client is, app.config should be placed in the client. such as in the case of assume im developing a quick books like app? – Phill Greggan Aug 17 '14 at 03:51
  • I still am a bit unclear on the setup, but yes, there is a single configuration file (by default) per process. A physical process can host any number of logical software layers (including a business layer). – Davin Tryon Aug 17 '14 at 03:53

1 Answers1

6

Configuration file App.config is for the entire application configuration not per library. Like Davin mentioned it's not a physical separation but rather logical where all libraries still get placed into the same folder when you compile an application and the main app.config file from the assembly that runs an application is used for getting configuration data for your application.

The file is not encrypted by default but it can be. Here is a thread that lists different ways of encrypting the web.config configuration data.

Encrypting appSettings in web.config

And here is a blog post about encrypting app.config file

http://weblogs.asp.net/jongalloway//encrypting-passwords-in-a-net-app-config-file

Community
  • 1
  • 1
Sergey
  • 3,214
  • 5
  • 34
  • 47