Sensitive data includes application configuration details (for example, connection strings and service account credentials) and application-specific data (for example, customer credit card numbers). The following recommendations help to reduce risk when you handle sensitive data:
Do not pass sensitive data from page to page.
Avoid plain text passwords in configuration files.
Use DPAPI to avoid key management.
Do not cache sensitive data.
Avoid using any of the client-side state management options, such as view state, cookies, query strings, or hidden form-field variables, to store sensitive data. The data can be tampered with and viewed in clear text. Use server-side state management options, such as a SQL Server database for secure data exchange.
The <processModel>, <sessionState>, and <identity> elements in Machine.config and Web.config have userName and password attributes. Do not store these in plaintext. Store encrypted credentials in the registry using the Aspnet_setreg.exe tool.
For more information about encrypting credentials in configuration files and about Aspnet_setreg.exe, see Chapter 19, "Securing Your ASP.NET Application and Web Services."
DPAPI is ideally suited for encrypting secrets such as connection strings and service account credentials. If your pages need to use this type of configuration data, use DPAPI to avoid the key management problem.
For more information, see "Cryptography" in Chapter 7, "Building Secure Assemblies."
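The DPAPI recommendation above, shown as an added example that is not part of the original guide: it uses the .NET ProtectedData wrapper around DPAPI to protect a connection string and to reject a modified blob. The ConfigSecret class name, the entropy string, and the sample connection string are constructed for illustration; the code runs on Windows only.

```csharp
using System;
using System.Security.Cryptography; // ProtectedData (.NET Framework: reference System.Security.dll)
using System.Text;

static class ConfigSecret // hypothetical helper name
{
    // Constructed, application-specific entropy. It is not a key; it only keeps
    // other code in the same DPAPI scope from decrypting the blob blindly.
    static readonly byte[] Entropy = Encoding.UTF8.GetBytes("ExampleApp.ConnStr.v1");

    // Run once at deployment; store the Base64 result in configuration.
    public static string Protect(string plaintext, DataProtectionScope scope)
    {
        byte[] data = Encoding.UTF8.GetBytes(plaintext);
        try { return Convert.ToBase64String(ProtectedData.Protect(data, Entropy, scope)); }
        finally { Array.Clear(data, 0, data.Length); } // wipe the plaintext bytes
    }

    // Run at application start-up. Throws CryptographicException if the blob was
    // altered, the entropy differs, or the scope's key is not available.
    public static string Unprotect(string base64Blob, DataProtectionScope scope)
    {
        byte[] data = ProtectedData.Unprotect(Convert.FromBase64String(base64Blob), Entropy, scope);
        try { return Encoding.UTF8.GetString(data); }
        finally { Array.Clear(data, 0, data.Length); }
    }

    static void Main()
    {
        // LocalMachine: any account on this server can call Unprotect, so restrict
        // the file ACL too. CurrentUser ties the blob to one account's profile.
        var scope = DataProtectionScope.LocalMachine;
        string conn = "Server=db01;Database=Orders;User Id=svc_web;Password=example-only"; // constructed
        string stored = Protect(conn, scope);
        Console.WriteLine("Round trip ok: " + (Unprotect(stored, scope) == conn));

        // A modified blob must be rejected, not silently decrypted to garbage.
        byte[] tampered = Convert.FromBase64String(stored);
        tampered[tampered.Length - 1] ^= 0x01;
        try
        {
            Unprotect(Convert.ToBase64String(tampered), scope);
            Console.WriteLine("Tampered blob accepted (unexpected)");
        }
        catch (CryptographicException)
        {
            Console.WriteLine("Tampered blob rejected");
        }
    }
}
```

No key appears in the code or the configuration file: DPAPI derives it from the machine or account, which is the key management problem the recommendation avoids.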
If your page contains data that is sensitive, such as a password, credit card number, or account status, the page should not be cached. Output caching is off by default.