Skip to main content
We’ve updated our Terms of Service. A new AI Addendum clarifies how Stack Overflow utilizes AI interactions.
Server Fault

Return to Question

added 77 characters in body
Source Link
Oded
Oded
  • 267
  • 2
  • 16

I recently had this discussion with a colleague.

We need to secure the connection strings that are in our .config files (for SOX compliance) and found two options:

  • Encrypt the connection string configuration sections
  • Use windows authentication with the connection strings

Both approaches are mentioned in this article on MSDN (Protecting Connection Information (ADO.NET)), but it is not clear which of these options is more secure or which approach is the recommended one.

Those with experience with either or both of these, can you please share which one you have used and why?

To clarify my question - which of the two options is more secure and why?

I recently had this discussion with a colleague.

We need to secure the connection strings that are in our .config files (for SOX compliance) and found two options:

  • Encrypt the connection string configuration sections
  • Use windows authentication with the connection strings

Both approaches are mentioned in this article on MSDN (Protecting Connection Information (ADO.NET)), but it is not clear which of these options is more secure or which approach is the recommended one.

Those with experience with either or both of these, can you please share which one you have used and why?

I recently had this discussion with a colleague.

We need to secure the connection strings that are in our .config files (for SOX compliance) and found two options:

  • Encrypt the connection string configuration sections
  • Use windows authentication with the connection strings

Both approaches are mentioned in this article on MSDN (Protecting Connection Information (ADO.NET)), but it is not clear which of these options is more secure or which approach is the recommended one.

Those with experience with either or both of these, can you please share which one you have used and why?

To clarify my question - which of the two options is more secure and why?

Source Link
Oded
Oded
  • 267
  • 2
  • 16

Which is more secure - windows authentication or encrypted config sections?

I recently had this discussion with a colleague.

We need to secure the connection strings that are in our .config files (for SOX compliance) and found two options:

  • Encrypt the connection string configuration sections
  • Use windows authentication with the connection strings

Both approaches are mentioned in this article on MSDN (Protecting Connection Information (ADO.NET)), but it is not clear which of these options is more secure or which approach is the recommended one.

Those with experience with either or both of these, can you please share which one you have used and why?