Drewby

I don't think it's any less secure than COM+ applications that make use of the COM+ catalog. Both config files and COM+ catalog settings can change the behavior of an application, and you should take steps to secure your production environments against these changes. This is where "secure in deployment" comes in. End users shouldn't have the ability to make arbitrary changes to application configuration files deployed on a production machine. Those files should be ACL'ed and change controlled, just like other sensitive files on the box.

It's worth noting that you can encrypt your configuration files using the Enterprise Library configuration framework, which provides an additional layer of security against these types of attacks.

But you do raise a good point -- configuration changes are another potential attack vector that should *absolutely* be considered in any application's threat modeling process.

This is a bit different than COM+ config. That is more analogous to changing AppSettings in the .config file of an application.

You can protect the config settings by encrypting them!