Sensitive Data


Sensitive data includes application configuration details (for example, connection strings and service account credentials) and application-specific data (for example, customer credit card numbers). The following recommendations help to reduce risk when you handle sensitive data:

  • Do not pass sensitive data from page to page.

  • Avoid plain text passwords in configuration files.

  • Use DPAPI to avoid key management.

  • Do not cache sensitive data.

Do not Pass Sensitive Data from Page to Page

Avoid using any of the client-side state management options, such as view state, cookies, query strings, or hidden form-field variables, to store sensitive data. The data can be tampered with and viewed in clear text. Use server-side state management options, such as a SQL Server database, for secure data exchange.

Avoid Plaintext Passwords in Configuration Files

The <processModel>, <sessionState>, and <identity> elements in Machine.config and Web.config have userName and password attributes. Do not store these in plaintext. Store encrypted credentials in the registry using the Aspnet_setreg.exe tool.

For more information about encrypting credentials in configuration files and about Aspnet_setreg.exe, see Chapter 19, "Securing Your ASP.NET Application and Web Services."

Use DPAPI to Avoid Key Management

DPAPI is ideally suited for encrypting secrets such as connection strings and service account credentials. If your pages need to use this type of configuration data, use DPAPI to avoid the key management problem.

For more information see "Cryptography" in Chapter 7, "Building Secure Assemblies."
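The following is an added example, not code from the book, showing the DPAPI round trip the recommendation above describes: a connection string is encrypted once for storage and decrypted only when the page needs it, with no application-managed key. It assumes the managed ProtectedData wrapper in System.Security.dll (.NET 2.0 and later; the 2003-era approach called CryptProtectData through P/Invoke); the entropy value and connection string are constructed placeholders.

```csharp
// Added example (not from the book): encrypt a connection string with DPAPI through the
// managed System.Security.Cryptography.ProtectedData wrapper (.NET 2.0+, reference
// System.Security.dll). It wraps the same CryptProtectData API the book refers to.
using System;
using System.Security.Cryptography;
using System.Text;

public static class DpapiSecrets
{
    // Optional entropy: an application-specific value mixed into DPAPI's key derivation so
    // that other code running under the same account (CurrentUser) or on the same machine
    // (LocalMachine) cannot decrypt the blob without also knowing it. Keep it out of the
    // file that holds the ciphertext. Constructed sample value, not from the page.
    private static readonly byte[] Entropy = Encoding.UTF8.GetBytes("ExampleApp-v1-entropy");

    // Encrypt a secret for storage in a configuration file or registry value.
    // LocalMachine scope: any process on this machine that knows the entropy can decrypt.
    // CurrentUser scope: only the account that encrypted it can, so the ASP.NET worker
    // process account must be the one that encrypts and must have a loaded user profile.
    public static string Protect(string plaintext, DataProtectionScope scope)
    {
        byte[] clear = Encoding.UTF8.GetBytes(plaintext);
        byte[] cipher = ProtectedData.Protect(clear, Entropy, scope);
        Array.Clear(clear, 0, clear.Length);      // drop our copy of the plaintext bytes
        return Convert.ToBase64String(cipher);    // base64 so it can sit in XML or the registry
    }

    // Decrypt at run time, at the point where the page actually needs the connection string.
    // Throws CryptographicException if the blob was made on another machine/account or the
    // entropy differs, which is the expected failure for a copied or tampered blob.
    public static string Unprotect(string base64Cipher, DataProtectionScope scope)
    {
        byte[] cipher = Convert.FromBase64String(base64Cipher);
        byte[] clear = ProtectedData.Unprotect(cipher, Entropy, scope);
        try { return Encoding.UTF8.GetString(clear); }
        finally { Array.Clear(clear, 0, clear.Length); }
    }

    public static void Main()
    {
        // Constructed sample connection string; the credentials are placeholders.
        string connStr = "Server=dbserver;Database=app;User Id=svc_app;Password=PLACEHOLDER;";
        string blob = Protect(connStr, DataProtectionScope.LocalMachine);
        Console.WriteLine("Store this blob in <appSettings> or the registry: " + blob);

        // At run time the page recovers the plaintext from the stored blob.
        string recovered = Unprotect(blob, DataProtectionScope.LocalMachine);
        Console.WriteLine(recovered == connStr ? "round-trip ok" : "round-trip FAILED");
    }
}
```

Run the Protect step once, under the same account and scope the application will use, and store only the base64 blob; the plaintext never needs to appear in Web.config.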

Do Not Cache Sensitive Data

If your page contains data that is sensitive, such as a password, credit card number, or account status, the page should not be cached. Output caching is off by default.




Improving Web Application Security: Threats and Countermeasures
ISBN: 0735618429
Year: 2003
Pages: 613