add security note

PatrickFarley · PatrickFarley · commit 7f2b5b8d8660 · 2022-12-29T12:09:36.000-05:00
diff --git a/articles/cognitive-services/Computer-vision/Tutorials/storage-lab-tutorial.md b/articles/cognitive-services/Computer-vision/Tutorials/storage-lab-tutorial.md
@@ -133,6 +133,9 @@ In this section, you'll create a new Web app in Visual Studio and add code to im
     <add key="StorageConnectionString" value="DefaultEndpointsProtocol=https;AccountName=ACCOUNT_NAME;AccountKey=ACCOUNT_KEY" />
     ```
 
+    > [!CAUTION]
+    > The _Web.config_ file is meant to hold sensitive information like your subscription keys, and any HTTP request to a file with the _.config_ extension is handled by the ASP.NET engine, which returns a "This type of page is not served" message. However, if an attacker is able to find some other exploit that allows them to view your _Web.config_ contents, then they'll be able to expose this information. See [Protecting Connection Strings and Other Configuration Information](/aspnet/web-forms/overview/data-access/advanced-data-access-scenarios/protecting-connection-strings-and-other-configuration-information-cs) for extra steps you can take to further secure your _Web.config_ data.
+
 1. Open the file named *_Layout.cshtml* in the project's **Views/Shared** folder. On line 19, change "Application name" to "Intellipix." The line should look like this:
 
     ```C#
