Security aspect of using Enterprise Library Exception Handling Application Block

Topics: Exception Handling Application Block
Jun 14, 2007 at 6:31 AM
I am planning to use the Enterprise Library Exception Handling Application Block for my application and I am new to it. I came across a few websites stating that when end users use an application that contains the Exception Handling Application Block, they have a chance to change the application.config file and change the flow of execution by changing policies. Could that be possible? If yes, what needs to be done in order to make it more secure? How to do it?
Jun 14, 2007 at 3:20 PM
The configuration settings for Enterprise Library are by default in an XML file, which could be the app.config, web.config, or an external configuration file. So, yeah, anyone who gets access to the configuration file can modify it. This is the whole point. You (the developer) can often modify the configuration settings without changing source code, which makes your applications far more maintainable, flexible, and extensible.

Secure it like you do any other file in your application, like the app.config or web.config.

However, Enterprise Library can work with any IConfigurationSource. So, you could use a SQL Server Database as a configuration source, too. An example ships with the QuickStarts.




David Hayden
Microsoft MVP C#
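
Added example, not part of the original thread or of Enterprise Library: one way to check the "secure it like any other file" advice is to audit the config file's ACL for write-capable rights granted to broad groups. The path is a hypothetical placeholder and the choice of groups to flag is an assumption.

```powershell
# Added example: list ACL entries that let broad groups change a config file.
# The path below is a hypothetical placeholder; pass your own app.config/web.config.
param(
    [string]$ConfigPath = 'C:\Apps\MyApp\MyApp.exe.config'
)

# Well-known SIDs for broad groups (SIDs avoid localized group names).
$broadSids = @{
    'S-1-1-0'      = 'Everyone'
    'S-1-5-11'     = 'Authenticated Users'
    'S-1-5-32-545' = 'BUILTIN\Users'
}

# Rights that permit altering the file's content, deleting it, or re-ACLing it.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, ChangePermissions, TakeOwnership'

# Ask for rules keyed by SID, including inherited ones.
$acl   = Get-Acl -LiteralPath $ConfigPath
$rules = $acl.GetAccessRules($true, $true, [System.Security.Principal.SecurityIdentifier])

$findings = foreach ($rule in $rules) {
    if ($rule.AccessControlType -ne 'Allow') { continue }
    $sid = $rule.IdentityReference.Value
    if (-not $broadSids.ContainsKey($sid)) { continue }
    # Keep only the write-capable bits of this entry.
    $granted = ([int]$rule.FileSystemRights) -band $writeMask
    if ($granted -ne 0) {
        [pscustomobject]@{
            Principal = $broadSids[$sid]
            Rights    = [System.Security.AccessControl.FileSystemRights]$granted
            Inherited = $rule.IsInherited
        }
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
    Write-Warning "Broad groups can modify $ConfigPath; exception policies in it can be changed."
} else {
    Write-Output "No broad-group write access found on $ConfigPath."
}
```

The same check applies to the containing directory, since write access there allows the file to be replaced.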
Jun 14, 2007 at 8:24 PM
If I store my config in a database for securing the contents of the config file, how will my application connect to the database to retrieve the config data in the first place? Is there a secure way?