0

PROBLEM: We have multiple ASP.net websites & WCF services. Each of the service stores the SQL server passwords in its own config file. However as part of the annual review process the passwords are required to be updated. This adds pain for the team as there are around 15+ code bases which require config update, build & deployment.

PROBABLE SOLUTION: We are looking to store passwords in encrypted format for all the applications in a single configuration file which would help us to change the passwords by modifying a single config file. This would save a lot of dev, build & testing efforts.

QUESTION: Is it good practice to store passwords for all the apps in a single config file? In other words what are the pros n cons of this approach. If not is there any other way suggested to address the problem?

jarlh
  • 42,561
  • 8
  • 45
  • 63
Nitin Malode
  • 87
  • 1
  • 7
  • I would ask why you have every website and service using the same sql login. If they all are using the same credentials you have a challenge determining which app is causing locking or long running queries. My choice would be to have separate config files because I would want different user names and/or application names for every site. – Sean Lange Feb 02 '17 at 14:04
  • As the applications use the same database but only different tables the sql login is same. Hence considering this would it be advisable to use single config file? – Nitin Malode Feb 03 '17 at 17:37
  • You would have to do something like this. http://stackoverflow.com/questions/505566/loading-custom-configuration-files – Sean Lange Feb 03 '17 at 17:44
  • Thanks Sean. Apart from this I am also looking if it is a good practice to store the passwords for all the apps in a single config file? Any pros n cons of this approach? – Nitin Malode Feb 06 '17 at 11:38

0 Answers0