Hello,
I am not a Developer, I am trying to guide the development team on having a secure coding standard..
Problem description: Web.config files on IIS stores hard coded credentials in the web.config file which is used to connect to the SQL database.
Goal: Get rid of hard coded credentials in the script. Use credentials whose passwords could be changed in routine interval.
What are the different options get rid of the credentials from the config file.
I have seen options for encrypting the web.config file but would not want to go down that path. I am looking for an option which will let us not store the password in the code and give us an option to change the password for the IDs which may be used in the code to establish connection.
Thanks for the help.
San