views:

95

answers:

5

How do I secure my "hibernate.cfg.xml" file? (NHibernate). It currently sits in the root of the web app and can be viewed via the browser.

+1  A: 

That's a very good question.

There must be a few ways to secure it. One I can think of is, if you are not serving any XML from the web site, to change the MIME type for XML registered against the web site so that it is not served.

Other solutions not directly securing the "hibernate.cfg.xml" file:

1) Define the configuration in web.config using NHibernate section handler

2) Configure in the code

3) Setup NHibernate to read a file with .config extension

Aliostad
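Option 1 above (the NHibernate section handler) worked out as a web.config fragment. This is an added example, not code from the question or from Aliostad's answer: the connection string name "Main", the database name "MyDb" and the mapping assembly "MyApp.Data" are assumptions; the section handler type, the `urn:nhibernate-configuration-2.2` namespace and the `connection.connection_string_name` property are NHibernate's own.

```xml
<?xml version="1.0"?>
<configuration>
  <configSections>
    <!-- Registers NHibernate's handler so the <hibernate-configuration> element below is recognised -->
    <section name="hibernate-configuration"
             type="NHibernate.Cfg.ConfigurationSectionHandler, NHibernate" />
  </configSections>

  <!-- Everything that used to live in hibernate.cfg.xml moves here.
       ASP.NET maps *.config to HttpForbiddenHandler, so a browser request for
       /web.config gets a 403 rather than the file. -->
  <hibernate-configuration xmlns="urn:nhibernate-configuration-2.2">
    <session-factory>
      <property name="connection.provider">NHibernate.Connection.DriverConnectionProvider</property>
      <property name="connection.driver_class">NHibernate.Driver.SqlClientDriver</property>
      <!-- Assumption: the connection string is kept in <connectionStrings> under the name "Main"
           rather than inline, so it can be encrypted separately (see note below) -->
      <property name="connection.connection_string_name">Main</property>
      <property name="dialect">NHibernate.Dialect.MsSql2005Dialect</property>
      <!-- NHibernate 2.1 requires a proxy factory; remove this line on 3.2 or later -->
      <property name="proxyfactory.factory_class">NHibernate.ByteCode.Castle.ProxyFactoryFactory, NHibernate.ByteCode.Castle</property>
      <!-- Assumption: the hbm.xml mappings are embedded resources in the MyApp.Data assembly -->
      <mapping assembly="MyApp.Data" />
    </session-factory>
  </hibernate-configuration>

  <connectionStrings>
    <!-- Assumption: local SQL Server, database "MyDb", Windows authentication -->
    <add name="Main"
         connectionString="Server=.;Database=MyDb;Integrated Security=SSPI;" />
  </connectionStrings>
</configuration>
```

With this in place, `new Configuration().Configure()` with no arguments picks up the `hibernate-configuration` section from web.config first and only falls back to looking for hibernate.cfg.xml if the section is absent, so the file in the site root can simply be deleted. Note that this only stops the browser from fetching the settings; the connection string is still plaintext on disk, so on the server run `aspnet_regiis -pe "connectionStrings" -app "/YourApp"` to encrypt that section in place.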
A: 

Put NHibernate config in web.config, this way it won't be viewed in browsers.

sh_kamalh
+1  A: 

It could live in the bin directory, and that way it is protected; also, if you need to modify it, your app will auto-restart, as a change was made in the bin directory.

edit
You might actually want/have to do this if your NHibernate code lives in a separate class library, such that you don't want to mix its configuration in with the web.config (or app.config if sharing the library between interfaces).

davidsleeps
+1 for mentioning bin
Aliostad
+4  A: 
<configuration>
  <system.web>
    <httpHandlers>
      <!-- Any request for hibernate.cfg.xml is answered with 403 instead of the file -->
      <add verb="*" path="hibernate.cfg.xml"
           type="System.Web.HttpForbiddenHandler"/>
    </httpHandlers>
  </system.web>
</configuration>
Diego Mijelshon
This seems clean, interested to hear peoples views on this...
Andi
BTW, that's exactly what is done by default with *.config files
Diego Mijelshon
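The handler mapping above is honoured by IIS 6 and by IIS 7 in classic mode, but the IIS 7+ integrated pipeline ignores `system.web/httpHandlers` and reads `system.webServer/handlers` instead, so on a modern server the file would still be served. The fragment below is an added example, not part of Diego's answer, covering both pipelines and adding an IIS request-filtering rule as a second layer; the handler name "BlockNHibernateConfig" is an arbitrary label chosen here.

```xml
<configuration>
  <system.web>
    <!-- IIS 6 and IIS 7 classic pipeline: ASP.NET answers 403 for the file -->
    <httpHandlers>
      <add verb="*" path="hibernate.cfg.xml"
           type="System.Web.HttpForbiddenHandler" />
    </httpHandlers>
  </system.web>

  <system.webServer>
    <!-- Without this, integrated mode refuses to start when system.web/httpHandlers is present (HTTP 500.23) -->
    <validation validateIntegratedModeConfiguration="false" />

    <!-- IIS 7+ integrated pipeline reads this section instead of system.web/httpHandlers.
         preCondition keeps the managed handler from being loaded under classic mode. -->
    <handlers>
      <add name="BlockNHibernateConfig" verb="*" path="hibernate.cfg.xml"
           type="System.Web.HttpForbiddenHandler" preCondition="integratedMode" />
    </handlers>

    <!-- Request filtering runs in IIS before the request reaches ASP.NET at all:
         any URL containing a path segment equal to hibernate.cfg.xml is rejected with 404,
         the same mechanism IIS uses to hide the bin and App_Code folders. -->
    <security>
      <requestFiltering>
        <hiddenSegments>
          <add segment="hibernate.cfg.xml" />
        </hiddenSegments>
      </requestFiltering>
    </security>
  </system.webServer>
</configuration>
```

After deploying, check from outside the server that `GET /hibernate.cfg.xml` returns 403 or 404 rather than 200; the request-filtering rule is the one that still holds if someone later switches the site's handler mappings or application pool mode.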
+2  A: 

Your hibernate.cfg.xml should be set to 'Copy to Output Directory: Copy Always'. When you build, it is copied into your output directory. If you publish your site, it will only be in your output (bin) directory, so no one will be able to access it.

Alistair
Any comments on this?
Andi
Check out: http://nhforge.org/wikis/howtonh/your-first-nhibernate-based-application.aspx 'Add a new xml file to the FirstSolution project and call it hibernate.cfg.xml. Set its property "Copy to Output" to "Copy always".' If you do this then it is read from your bin folder (and protected from being accessed). There is no reason for it to exist anywhere else.
Alistair