Hello, Community.
I apologize in advance if I seem naive or ignorant in asking for help on the following topic:
SnapDevelop API projects based on the Datawindow Converter tool use the appsettings.json file, which contains the database's connection strings. These connection strings include, among other confidential information, the respective unencrypted passwords. The problem is that, when deploying the API, this file is copied to the server, thus exposing highly sensitive information such as server and database names, users and, most importantly, passwords for accessing the databases.
How can this inconvenience be resolved?
Thanks for your help. Just a question: Is this subject resolved in newer versions of SnapDevelop?
This is not a bug, it's just how ASP.NET Core Web APIs work. The appsettings.json file is just one way to store configuration, it doesn't necessarily have to contain only sensitive data. Thus it's up to the developer to determine what qualifies as sensitive data and what the best way to keep it protected is (i.e. passing it through environment variables, command line arguments, loading it from a secure service, etc.)
Regards,
Francisco