views:

318

answers:

4

I've only recently started working with asp.net and c#. Is there a standard practice set of web.config settings for a live final website? There seem to be a ton of options available and I'm looking to streamline performance, close possible security holes and other unecessary options.

+1  A: 

An empty web.config (or at least an absent <system.web> element) would mean that all of the framework's recommended defaults would take effect. You would then just need to be concerned with the host (e.g., IIS) set-up.

Mark Cidade
+1  A: 

Start with a clean web.config and only add the sections you need.

For security, all you really can do is make sure you flag <compelation debug="false"> for your production box and set custom errors to true.

Rob Allen
+1  A: 

Secure all folders containing any sensitive info with the location tag. Encrypt any connection strings with DPAPI.

Gulzar