安全存放web項(xiàng)目數(shù)據(jù)庫連接字符串
2024-07-21 02:16:00
供稿:網(wǎng)友
我的做法是這樣:
1、在項(xiàng)目abc的下面建目錄settings,里面有文件settings.xml,其內(nèi)容是:
<?xml version="1.0" encoding="utf-8" ?>
<section name="settings">
<key name="sqlserver" value="mysvr" />
<key name="sqldatabase" value="mydb" />
<key name="sqluid" value="myid" />
<key name="sqlpwd" value="mypw" />
</section>
當(dāng)然,這里就是數(shù)據(jù)庫連結(jié)的基本信息。
2、在項(xiàng)目的web.config中,加入:
<configuration>
.....
<appsettings>
<add key="settingsfile" value=". ettings ettings.xml"></add>
</appsettings>
</configuration>
3、在global.asax.cs中:
protected void application_start(object sender, eventargs e)
{
setconnectionstring();
}
private void setconnectionstring()
{
string sserver, sdb, suid, spwd, strsettingsfile;
strsettingsfile = system.web.httpcontext.current.server.mappath("http://abc//") + system.configuration.configurationsettings.appsettings["settingsfile"];
application["databaseconnectionstring"] = "";
try
{
sserver = clscommon.readsettings(strsettingsfile, "sqlserver");
sdb = clscommon.readsettings(strsettingsfile, "sqldatabase");
suid = clscommon.readsettings(strsettingsfile, "sqluid");
spwd = clscommon.readsettings(strsettingsfile, "sqlpwd");
application["databaseconnectionstring"] = "server=" + sserver.trim() + ";database=" + sdb.trim() + ";uid=" + suid.trim() + ";pwd=" + spwd.trim() + ";";
}
catch(exception excp)
{
throw(excp);
}
}
這里,從web.config中讀到setting.xml所在的相對(duì)路徑,然后找到服務(wù)器上的文件,再讀取其內(nèi)容,就設(shè)定了application級(jí)別的變量databaseconnectionstring,當(dāng)然,如果是要求各個(gè)session的連接字符串不一定相同,可以改成session級(jí)別的。
4、在第3步中,用到的讀取xml文件的函數(shù)實(shí)現(xiàn)如下:
using system;
using system.xml;
using system.data;
using system.data.sqlclient;
using system.io;
using system.text;
using system.web;
namespace abc
{
/// <summary>
/// summary description for clscommon.
/// </summary>
public class clscommon: abc
{
private const string notfound = "<<nothing>>";
public clscommon()
{
//
// todo: add constructor logic here
//
}
static public string readsettings(string strsettingsfile , string skey)
{
xmltextreader xmltr = new xmltextreader(strsettingsfile);
xmldocument m_xmldocument = new xmldocument();
m_xmldocument.load(xmltr);
xmltr.close();
string strresult;
strresult = getsettingstr(m_xmldocument, "settings", skey, "");
return strresult;
}
static public string getsettingstr( xmldocument xmldocument , string sectionname , string keyname, string defaultvalue )
{
string skeyvalue ;
skeyvalue = _getsetting(xmldocument, sectionname, keyname);
if (skeyvalue == notfound )
skeyvalue = defaultvalue;
return skeyvalue;
}
static public string _getsetting(xmldocument xmldocument ,string sectionname ,string keyname )
{
string skeyvalue;
xmlnode xnsection;
xmlnode xnkey ;
xnsection = xmldocument.selectsinglenode("http://section[@name='" + sectionname + "']");
if(xnsection == null )
skeyvalue = notfound;
else
{
xnkey = xnsection.selectsinglenode ("descendant::key[@name='" + keyname + "']");
if( xnkey == null )
skeyvalue = notfound;
else
skeyvalue = xnkey.attributes["value"].value;
}
xnkey = null;
xnsection = null;
return skeyvalue;
}
}
總結(jié):安全存放web項(xiàng)目的數(shù)據(jù)庫連接字符串,可以把它保存在另一個(gè)目錄的xml文件中,易于維護(hù)、更換,同時(shí),可以設(shè)置此xml設(shè)置文件只允許asp_net用戶訪問,實(shí)現(xiàn)了安全保護(hù)。
回復(fù)人: cuike519(studing sps(修練中...)) ( ) 信譽(yù):100 2004-07-03 19:06:00 得分: 0
支持!!!
可是放在web.config里面有什么不安全的?如果在web.config里面不安全放在其他的目錄里面就更不安全了!你可以做一個(gè)簡(jiǎn)單的試驗(yàn),放一個(gè)xml文件和web.config在一起,web.config你打不開但是那個(gè)xml文件肯定可以打開!
回復(fù)人: athossmth(athos) ( ) 信譽(yù):100 2004-07-03 19:24:00 得分: 0
哪里哪里,當(dāng)然了,一般在web.config中就足夠了。
是這樣的,我們這里的控制要求是,最后項(xiàng)目projectabc發(fā)布的目錄是:
/ ervera/c$/apps/projectabc/
而連接字符串要放到
/ ervera/c$/apps ettings ettingabc.xml
里,在project的iis virtual directory之外,統(tǒng)一管理。
本文原發(fā)表于 http://community.csdn.net/expert/topic/3143/3143428.xml
注冊(cè)會(huì)員,創(chuàng)建你的web開發(fā)資料庫,
