Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

 All Forums
 SQL Server 2000 Forums
 SQL Server Development (2000)
 web.config and global.asa password protection

Author  Topic 

SamC
White Water Yakist

3467 Posts
Posted - 2002-12-18 : 08:16:45
Several moons ago I read a coding example which illustrated a method of hiding a DB password in web.config or global.asa. At least - the username / password were not visibile in plain text if these files somehow fell into the wrong hands. Instead, the P and U fields referred to some entity that presumably did text substitution at a later time to restore the password.

Of course, I can't find this reference now, so here I am...

Any pointers to articles or tools to achieve this end are appreciated.

Thank you and happy holidays,

Sam

Onamuji
Aged Yak Warrior

504 Posts
Posted - 2002-12-18 : 08:51:13
if you are using ASPNET just give that account access to the sql server and manage its permissions ... then you don't need to worry about UIDs and PWDs... if you are using ASP 3.0 you can write your components and place them in MTS (Component Services) and use the Constructor Argument to pass the connection string..
Go to Top of Page

SamC
White Water Yakist

3467 Posts
Posted - 2002-12-18 : 09:29:17
Thanks for the pointers.

Sam
Go to Top of Page

jasper_smith
SQL Server MVP & SQLTeam MVY

846 Posts
Posted - 2002-12-18 : 18:40:40
There are numerous options. Have a read of
[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetch12.asp[/url]
[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/SecNetHT18.asp[/url]

In fact, if you are using ASP.NET I would strongly advise reading all of the articles in this section of MSDN

Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication
[url]http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnnetsec/html/secnetlpMSDN.asp[/url]

There are tons of great advice,information and code samples.


HTH
Jasper Smith
Go to Top of Page
   

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources

Articles

Forums

Blogs

Contact Us

About the Site