>By the way, this iis4-started object will automatically open up a db-connection at times. Do you know of a trick to secure the odbc connection info (user id+password) from hackers?
UserId and Password never leaves the server so there shouldn't be a problem.
>My current choice is limited to:
>- embed the password in the com exe or dll (not a choice as it need to be changed often),
>- put it - possibly encrypted - in an ini file probably in a secure place
>(not available by the iusr).
>
>Any more secure alternative to prevent unauthorised access to the db-server (a sybase anywhere engine)?
>
Those are fine... Even if someone gets the username and password, how are they going to connect to your datasource? It's not like they have a connection to the server to run code...
Storing the username password is not the most secure way even when encrypted, but it depends on your business environment. If the server is secure and nobody untrusted has physical access to it then no problem.