best place to store connection string? - SQL Server Forums

Home | Weblogs | Forums

Site Sponsored By: SQLDSC - SQL Server Desired State Configuration

Please start any new threads on our new site at https://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

All Forums

Development Tools

Other Development Tools

best place to store connection string?

Author

Topic

alexjamesbrown
Starting Member

48 Posts

Posted - 2007-06-01 : 07:59:10

Hi,
just a quick question...

I usually create a db.asp file, and include it on each page i need the db connection, but where do you think is the best place to store the db connection? anything a bit more secure?

global.asa?

spirit1
Cybernetic Yak Master

11752 Posts

Posted - 2007-06-01 : 08:16:07

web.config is the usual place

_______________________________________________
Causing trouble since 1980
blog: http://weblogs.sqlteam.com/mladenp

afrika
Master Smack Fu Yak Hacker

2706 Posts

Posted - 2007-06-14 : 13:15:51

webconfig ?

Thats in .net

In ASP, use global.asa file or create a connection string file

afrika
Master Smack Fu Yak Hacker

2706 Posts

Posted - 2007-06-14 : 13:22:15

By the way to answer your question.

I havent found any "SECURE" way of encrypting databases connection in asp. Your solution above is basically what i use or reference from the global.asa file. Thats why web.config was introduced and later remodified in .net 2.0

Afrika

Kristen
Test

22859 Posts

Posted - 2007-06-14 : 14:21:48

We don't use global.asa (Can't remember why, must have been some sort of contention of single-threading issue)

We INCLUDE a file from OUTSIDE the WWWW publicly-accessible space with the database connection.

We use TRUSTED connection (rather than SQL Server Login / Password) so that even if a hacker finds the connection string they still need to be on a trusted machine to use it

Kristen

afrika
Master Smack Fu Yak Hacker

2706 Posts

Posted - 2007-06-14 : 18:56:55

thats very smart Kristen, but i guess that will only work on a dedicated server.

Another option is to create a special account and assign priviledges to it.

Kristen
Test

22859 Posts

Posted - 2007-06-15 : 04:29:21

"that will only work on a dedicated server"

Well, our servers are shared, but only by customers that we write applications for [if that was what you meant?]

Kristen

Subscribe to SQLTeam.com

SQLTeam.com Articles via RSS

SQLTeam.com Weblog via RSS

- Advertisement -

Resources