I usually see the database's user name and password hardcoded in an asp file. In connecting to the database (example SQL Server), these values are used. Doesn't this pose a security issue? Are there any other alternatives out there if I don't want to hardcode the username (i.e. 'sa') and password (i.e. 'password')? Thanks.