1. Miguel Alzate
  2. SnapDevelop
  3. Friday, 25 October 2024 03:09 AM UTC

Hello, Community.

I apologize in advance if I seem naive or ignorant in asking for help on the following topic:

SnapDevelop API projects based on the Datawindow Converter tool use the appsettings.json file, which contains the database's connection strings. These connection strings include, among other confidential information, the respective unencrypted passwords. The problem is that, when deploying the API, this file is copied to the server, thus exposing highly sensitive information such as server and database names, users and, most importantly, passwords for accessing the databases.

How can this inconvenience be resolved?

Logan Liu @Appeon Accepted Answer Pending Moderation
  1. Friday, 25 October 2024 05:34 AM UTC
  2. SnapDevelop
  3. # 1

Hi Miguel,

Please refer to the answer in this post: Hosting encrypted appsetting.json file for RESTAPI

Regards, Logan

Comment
  1. Miguel Alzate
  2. Friday, 25 October 2024 09:49 AM UTC
Hi, Logan.

Thanks for your help. Just a question: Is this subject resolved in newer versions of SnapDevelop?
  1. Helpful
  1. Francisco Martinez @Appeon
  2. Friday, 25 October 2024 14:26 PM UTC
Hi Miguel,

This is not a bug, it's just how ASP.NET Core Web APIs work. The appsettings.json file is just one way to store configuration, it doesn't necessarily have to contain only sensitive data. Thus it's up to the developer to determine what qualifies as sensitive data and what the best way to keep it protected is (i.e. passing it through environment variables, command line arguments, loading it from a secure service, etc.)



Regards,

Francisco
  1. Helpful
There are no comments made yet.
  • Page :
  • 1


There are no replies made for this question yet.
However, you are not allowed to reply to this question.
We use cookies which are necessary for the proper functioning of our websites. We also use cookies to analyze our traffic, improve your experience and provide social media features. If you continue to use this site, you consent to our use of cookies.