All geek questions in one place

ASP.NET Web Application Development: Hiding Confidential Information from Contractors / Freelancers

I am developing a web application using Amazon web services. I am using ASP.NET MVC. I also use several Amazon Web Serivces, including S3, EC2, and SQS. I plan to hire freelancers to help development. Now I put the Amazon Web Service key and private key in the web.config file and connected to my credit card. I use SVN and TeamCity hosted source control for automatic build and testing.

The question is, is there a way a freelancer can check the code and test without knowing confidential information such as an AWS key and secret? Should I put it in another file? Should I put it in a database and encrypt it?

+3
source share
4 answers
  • you have a test account for your development and freelancers
  • you can encrypt sections of web.config after the steps mentioned here
  • you can move the key in the code and compile the layer as a dll and give it to Developers
+4
source

, . .net , , ... . , - , . , , , .

- . , . , SVN, , .

+2

- . DLL, DLL Reflector. web.config, - , , - . , , , - , , , , .

, . , .

, , , , . , AWS -.

+1

- . , . , , , , , .

, Rony - , , . , , , , , , . AWS , , .

Another angle, depending on how much of the service API you use and your skills as an encoder, is the abstraction of S3 bits behind your own storage interface. Provide developers with a backup implementation other than S3 when saving your s3-enabled implementation to a separate repository that they don’t have access to, then switch to the s3-backed option if necessary. This has long-term benefits, such as simplifying the switch of storage providers if necessary.

+1
source

Source: https://habr.com/ru/post/1710815/

More articles:


All Articles