If you're concerned about keeping critical information in your Web.config file, then you should encrypt it -- or at least the parts that you're concerned about.

An additional problem is that Web.config files were designed to be changed at any time, even after the Web-based applications are in production.

A major area where security is often lax is the web.config file. Usually stored in plain text, an intruder who gains access to this file can then easily access databases and other resources both ...

The ability for Visual Studio to automatically transform your development Web.config file into a production version is certainly convenient ... but only if the transformation is done right. Here's how ...

Tweaking the settings in your configuration files in ASP.Net can provide a nice performance boost. These files include machine.config and web.config. The web.config file is application-specific ...

Likewise, the Machine.config system file provides ASP.NET configuration settings for the entire Web server and forms the base settings for Web.config files used within an ASP.NET application ...

So the customer has some funtionality governed by .Net in their web application. We've been seeing some issues with this function in which periodically the end user gets a session timeout.One of ...

However, even the most meticulous and security-aware C# or VB.NET code can still be vulnerable to attack if you neglect to secure the Web.config configuration files of your application.