Level Extreme platform
Subscription
Corporate profile
Products & Services
Support
Legal
Français
Hide Password
Message
From
23/08/2000 10:35:38
Mark Hall
Independent Developer & Voip Specialist
Keston, Kent, United Kingdom
 
 
To
23/08/2000 03:23:35
Tim Mcconechy
Runtime
Vejle, Denmark
General information
Forum:
Internet
Category:
SQL Server
Title:
Re: Hide Password
Miscellaneous
Thread ID:
00408132
Message ID:
00408231
Views:
20
>I setup a test environment and have a lot of ASP pages getting data
>from a SQL Server in a CRM application.
>
>But I see one security hole. The password to SQL Server is embedded
>in the ASP code so any user code via the password.
>
>I think this would be a common problem how could one solve this??

Users shouldn't be able to download the ASP source from your server so the password should be safe.

It's better to store the password in an application or session variable created in global.ini Theoretically it's even more difficult for the user to get to the global.ini file contents.

To make things even more secure, make all your data access (from the web) through SQL stored procedures. This way you only grant the web user access to the stored procedures and not the actual tables.
Regards
Mark

Microsoft VFP MCP
Menulib - OO Menus for VFP www.hidb.com/menulib
Previous
Reply
Map
View

Click here to load this message in the networking platform