If you're concerned about keeping critical information in your Web.config file, then you should encrypt it -- or at least the parts that you're concerned about.

Creating a Web configuration INI file Application-specific configuration information has historically been stored in INI files, which are plain-text files that contain key/value data within sections.

A major area where security is often lax is the web.config file. Usually stored in plain text, an intruder who gains access to this file can then easily access databases and other resources both ...

You can add a web.config file to your folder which just contains the above, or you can use the <location> tag in your main web.config to achieve the same effect: <location path="Upload"> <system.web> ...

Where should you specify this? Well can specify such details in the web.config file. You can add and remove HTTPhandlers using the configuration section in your applications configuration file.

A well-intentioned system administrator could inadvertently get around application security measures and open the Web site to attack just by modifying the configuration file.

While the settings in the web.config file apply only to the application, the settings present in the machine.config file are applicable machine-wide.

Learn to develop a modern Java web application with this Apache Struts 2.5 example. No Struts config XML files are required. This zero-config Struts example goes without!

Virtually all Web-based applications require some debugging. Visual Studio 2005 will even automatically modify the Web.config file to allow debugging when you start to debug your application.