How do I protect my connection string?

Results 1 to 3 of 3

Thread: How do I protect my connection string?

  1. #1
    Join Date
    Dec 1969

    Default How do I protect my connection string?

    I have this dsn-less connection string:<BR>Provider=SQLOLEDB; Data Source=server_name; Initial Catalog=database_name; User Id=user_name; Password=user_password <BR><BR>I don&#039;t want the &#039;User Id&#039; and the &#039;Password&#039; could be known by unauthorized user and use them in another way to connect to my SQL Server and steal the data... how do I protect them?<BR><BR>thanks<BR><BR>Maverick<BR><BR>j_singa<BR>

  2. #2
    Join Date
    Dec 1969

    Default They are already

    As the ASP is processed SERVER side, the client cannot see your connection string.<BR><BR>Try it... Open a page in your browser and then view the source, the connection string won&#039;t be visible.<BR><BR>One important thing though is that if you open your connection in an included file, make sure that the include file has a .Asp extension and NOT a .Inc.<BR>This will ensure that even if the client guesses the name of your include file, they will not be able to the the contents.

  3. #3
    Join Date
    Dec 1969

    Default Something else you can do...

    Is put the connection string include file outside of your wwwroot folder or any virtual directory. This leaves the file available through the file system for the server side include but won&#039;t be easy to get at from the web as it isn&#039;t in a folder that IIS makes available.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts