Professional Web Applications Themes

Password Storing Standard - ASP Database

Hello, When I'm creating database driven asp applications, I store my constants, including my connection string to the database within an asp file called constants.asp. All constants are stored inside asp coding <% ... %> so people can't save the data through the web. I've been told this is an insecure way of storing the connect string becuase my connect string would also store the username and password to connect to the db. My question is, what is the current standard for storing an connect string to a database for asp applications? Thanks....

  1. #1

    Default Password Storing Standard

    Hello,

    When I'm creating database driven asp applications, I store my constants,
    including my connection string to the database within an asp file called
    constants.asp. All constants are stored inside asp coding <% ... %> so
    people can't save the data through the web.

    I've been told this is an insecure way of storing the connect string becuase
    my connect string would also store the username and password to connect to
    the db.

    My question is, what is the current standard for storing an connect string
    to a database for asp applications?

    Thanks.


    Kit Guest

  2. #2

    Default Re: Password Storing Standard

    On Fri, 1 Oct 2004 11:20:32 -0400, "Kit Truong"
    <ca> wrote:
     

    What database? If SQL, you could use SQL permissions and Windows
    Authentication and have no password stored anywhere. Yolu could also
    lock down the database user so a password and account wouldn't get a
    hacker anywhere useful.

    FWIW, a password in an ASP connection string is relatively safe since
    nobody can download the code.

    Jeff
    Jeff Guest

  3. #3

    Default Re: Password Storing Standard


    "Jeff Cochran" <com> wrote in message
    news:microsoft.com...
     

    Additionally, it is quite common for people to keep DB passwords in clear
    text in code. As long as you don't do something silly like put it in a file
    called connections.inc and make that http accessible, no one can get to via
    a browser. And as long as your server is secure as to who can access the
    WWW area of the file system, you're okay.

    Ray at work


    Ray Guest

  4. #4

    Default Re: Password Storing Standard

    Any time you have a "visible" password anywhere, you can opening up your
    security. Although the password is not visible to your users, anyone with
    access to your file can view it. While this is not a problem in dedicated
    hosted environments, the same is not true with shared-hosting environments.


    --
    Manohar Kamath
    Editor, .netWire
    www.dotnetwire.com


    "Kit Truong" <ca> wrote in message
    news:8Be7d.667$bellglobal.com... 
    becuase 


    Manohar Guest

Similar Threads

  1. open and close a standard password proteted pdf
    By Davide Gironi in forum Adobe Acrobat SDK
    Replies: 0
    Last Post: October 15th, 03:30 PM
  2. unlock standard password plug-in
    By F1uiD@adobeforums.com in forum Adobe Acrobat SDK
    Replies: 0
    Last Post: October 2nd, 02:28 PM
  3. Storing encrypted password in xml file??
    By smita in forum ASP.NET Security
    Replies: 1
    Last Post: January 29th, 04:31 PM
  4. Connecting to MySQL without storing password in clear text
    By Eto Demerzel in forum PHP Development
    Replies: 0
    Last Post: September 13th, 08:35 PM
  5. Storing password in informix database
    By Chavan Koya in forum Informix
    Replies: 1
    Last Post: July 11th, 06:00 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139