Best Practice for storing keys

I am trying to find the best procedure for storing keys used for encryption.

This would also be a question for the connection string to the database. At
the moment, this is kept in the web.info file.

This seems to be norm from all the books on building your Web Apps. Isn't
this a problem as the web.info is cleartext? I would suppose that having
keys (which you would to store/encrypt and get/decrypt from your database)
in this manner would be dangerous.

I am trying to find out how others deal with this. Also, I would need the
same information for my Apps on the same machine.

Thanks,

Tom


.

Relevant Pages

  • Protecting database connection string
    ... that the connection string can be potentially accessed by ... which would expose the Database ... it is directed for windows apps more than web apps (or at ...
    (microsoft.public.dotnet.framework.aspnet)
  • Best Practice for storing keys
    ... I am trying to find the best procedure for storing keys used for encryption. ... This would also be a question for the connection string to the database. ... This seems to be norm from all the books on building your Web Apps. ...
    (microsoft.public.dotnet.framework.aspnet.security)
  • Cannot Update Database (2.0)
    ... Okay, I've found that a couple of samples apps (at least, Web apps) can successfully update a database on my system. ... I then added a new data source and selected the database created in the previous step. ...
    (microsoft.public.dotnet.framework.adonet)
  • Re: Newbie needs to see a large project
    ... I'm an enterprise database guy who is ... >looking at building database-backed transactional web apps. ... >haven't built large apps, and haven't built sophisticated database apps. ...
    (comp.lang.python)
  • Re: Mail merge from inter/intranet
    ... "Access a database and insert into a Word document the data that you find ... A macro queries the SQL database via the web apps. ...
    (microsoft.public.word.mailmerge.fields)