Security question

Results 1 to 3 of 3

Thread: Security question

  1. #1
    Join Date
    Dec 1969

    Default Security question

    I am in the process of doing a security audit on a client. On a page when you view source you can see connection data.Example:<BR>Set dbConnect = Server.CreateObject("ADODB.Connection")<BR>Call dbConnect.Open("hits", "", "")<BR><BR>I know how to secure this (password,have connection data in .asp file..). <BR>But is it possible to hack their Access database with this information. If yes then I have earned some pocket money!<BR>A friend believes it is not possible. he says the dsn "hits" is only accessible from the clients web space.<BR>Is this true or can it still be hacked?<BR><BR><BR><BR>

  2. #2
    Join Date
    Dec 1969
    Los Angeles, CA

    Default WHAT???

    why can you see connection data when you do a view source??<BR><BR>do exactly that......throw that in an asp file then you should nto see it<BR><BR>&#062;the clients web space.<BR>To my limited knowledge i guess only from the server this DSN is on.....but hey maybe it is.....*I* dont know of any way though.<BR><BR>as for the access db the only way *I* know is if you put it in your web app folder then ANYONE who knows the path can download the file.....he would not even need the pwd.<BR><BR>

  3. #3
    Join Date
    Dec 1969

    Default Value of seeing

    Answer is I don&#039;t know... But you have earned your money! You have a possible loop hole. I would be horrified if that info was outside the company!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts