![]() ![]() %USERPROFILE%Application Data_nfig (roaming) %USERPROFILE%Local SettingsApplication Data_nfig. ![]() User settings have a default value that is stored in the app.config, but your application can overwrite these default values as needed, and the users settings will be stored in: These settings can either be “User” settings, or “Application” settings.Īpplication settings are stored in the app.config (or web.config), and are read-only. In the project properties you can select a “Settings” tab where you are able to modify application settings, which are in turn stored in app.config. net 2.0 and vs.net 2005 have teamed up to offer a new option for storing user settings which may seem more complicated at first if you don’t know exactly what you are doing. So unlike previous versions, you need to manually add a reference to System.Configuration in order to make this new call. It is important to note that the “!” above indicates that the fully quallified class listed, is located in the System.Configuration assembly, which of course you have to add to your project. This method is obsolete, it has been replaced by System.Configuration! However, if you try this, VS.Net will warn you: Net 1.x.ĭim myvalue As String = .Item( “ConnectionString” ) You can still do things the way you did with. The main reason people run into problems is due to MS making a number of changes, including changes between the beta and the RC product, resulting in different answers based on how early you encountered the issues. (But as I said, if they can get the web.config in the first place, they can probably also write/place files in the same directory!) The article is very nice, please don't get me wrong, but I'm struggling to see how "useful" this really is.I have seen lots of posts from people in the newsgroups trying to figure out what the deal is with the new config options in. I'm actually trying to think of a case where such encryption might help, and where it does seem helpful is if someone were to download the web.config and try to decrypt it on a different machine. They could create this simple page, run it to decrypt the config, get my private stuff, then re-encrypt it and clean up after themselves so that nobody gets suspicious. ![]() Anyone with "prawling eyes" able to look at my web.config in the first place (i.e., an Admin at the hosting company or an attacker who has taken root or sniffed an FTP password) should just as easily be able to create a simple ASPX page in my site that will do exactly what you've shown here. I too wonder about how "effective" this really is. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. Archives
January 2023
Categories |