Ask a Question related to ASP Database, Design and Development.
-
PBS #1
ASP connect to SQL Server 6.5 approaches
Hi:
I am looking at an ASP application that has a connection to an SQL Server
6.5 database. I believe the connection is made in the global.asa, using
Visual Interdev generated code that includes the user name ( the infamous
"sa") and a corresponding password.
This approach doesn't strike me as being particularly secure. Is it OK, or
is there a recommended method for making this connection that is more
secure, and doesn't risk revealing this information?
Thanks,
Paul
PBS Guest
-
I have a flash movie running a http server but it needsto connect to another server in https.
I have a flash movie running a http server but it needs to connect to another server in https. I am having problems when trying to open the url in... -
I have a flash movie running a http server but it needsto connect to another server in https
I have a flash movie running a http server but it needs to connect to another server in https. I am having problems when trying to open the url in... -
ASP Add Record Approaches
The following ASP code yields the following run-time error, I want to know which approaches for adding records. Using "Insert Into" statement or... -
Approaches to Logging In
I'm currently working on a portion of a website for my high school's band (though I'm now in college) and one of the sections contains contact... -
[PHP] Approaches to Logging In
Seth Willits <mailto:seth@freaksw.com> on Friday, August 29, 2003 3:24 PM said: Well you could use cookies also but those can be tampered with.... -
Mark Schupp #2 Re: ASP connect to SQL Server 6.5 approaches
First you should never use the "sa" account for production. Set up a
SQLServer account with the minimum database access needed to run the
application.
The level of security of the connection information will depend on who you
are trying to protect it from. If your server has all of the security
patches then global.asa is fairly safe from access through the web-server.
Other options would be to:
Put the information in the system registry and use a component to read it.
Put the information into a compiled DLL and have that DLL open all database
connections.
Put the information into a file that is not accessible through the internet
and use FSO to read the data into your application.
--
Mark Schupp
Head of Development
Integrity eLearning
[url]www.ielearning.com[/url]
"PBS" <pbs@allwave.com> wrote in message
news:ea3uXi26DHA.1368@TK2MSFTNGP10.phx.gbl...or> Hi:
>
> I am looking at an ASP application that has a connection to an SQL Server
> 6.5 database. I believe the connection is made in the global.asa, using
> Visual Interdev generated code that includes the user name ( the infamous
> "sa") and a corresponding password.
>
> This approach doesn't strike me as being particularly secure. Is it OK,> is there a recommended method for making this connection that is more
> secure, and doesn't risk revealing this information?
>
> Thanks,
> Paul
>
>
Mark Schupp Guest
-
Aaron Bertrand - MVP #3 Re: ASP connect to SQL Server 6.5 approaches
> Put the information into a compiled DLL and have that DLL open all
databaseOr just return the connection information to ASP and have ASP open the> connections.
database connections. If the hacker can get at an ASP file and change it to
response.write/e-mail this information, they could also pass any queries
they want into the DLL, so doing everything from the DLL doesn't gain you
much except, potentially, worse performance.
A
Aaron Bertrand - MVP Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
