ASP.NET SQL Connection Security; what should never go in a public github repository?

Lost my job last week and I'm working on an ASP.NET/Angular project to demonstrate what I know in .NET/C#. I'm wanting it to be public enough for potential employers to at least see that I'm comfortable working in this kind of tech, but my settings include my password for the local db, and I'm really really not a security person so I'm concerned there's something obvious that shouldn't be public. Unless I'm being overly paranoid. The server is only locally hosted right now, but if I get to the point of making it public I'm not sure the best way to securely host a database like that.
9 Replies
Jochem, 2mo ago
things to exclude from the repo: username, password, host URL, database name, any cryptographic keys or certificates
ἔρως, 2mo ago
all those go in secrets, but if you have to demonstrate your work to others, not having a need for a password at all is a very good idea
Jochem, 2mo ago
Unless you're trying to demonstrate your ability to use the database engine as well
ἔρως, 2mo ago
good point, but if you know sqlite, you're more than likely to know mysql. in fact, most of the syntax is the same, but i can't deny that sqlite isn't mysql
Ze Golly Gosh, 5w ago
I'm so sorry for vanishing. I had a busy week and completely forgot I posted this after a while. Is there a good source on how to set up secrets? I'm just starting to get a handle on setting up an API and a Client project so I'm not sure how exactly to go about implementing secrets like that. I'll take a look into SQLite though since I may keep going with some of my own projects this way
ἔρως, 5w ago
well, microsoft posted this on how to store secrets: https://learn.microsoft.com/en-us/aspnet/core/security/app-secrets
and jetbrains has this: https://blog.jetbrains.com/dotnet/2023/01/17/securing-sensitive-information-with-net-user-secrets/
if you deploy to a server, you might want to use .env files
Ze Golly Gosh, 5w ago
Thank you very much!!!
ἔρως, 5w ago
you're welcome