ASP.Net Core Secure Storage of Application Data
Hi,
I'm new to ASP.Net Core and C# in general, so maybe I'm not using the right keywords in my searches...
I'm trying to develop a multi-tenanted app (developing under Win 10, most likely production server will be Ubuntu with Nginx reverse proxy). At this stage, I am leaning towards using a SQLite database per tenant to store both the tenant's data and user login credentials.
This is where I run into my first problem: what is the correct storage location for sensitive application data (in this case the SQLite files)?
The closest thing to an answer I've found was here, but there seems to be a bit of contention as to whether wwwroot is really an appropriate storage location - is this actually an issue? (i.e. can a malicious actor download the files form here like any other static file).