Plateforme Level Extreme
Abonnement
Profil corporatif
Produits & Services
Support
Légal
English
Hide Password
Message
De
23/08/2000 10:35:38
Mark Hall
Independent Developer & Voip Specialist
Keston, Kent, Royaume Uni
 
 
À
23/08/2000 03:23:35
Tim Mcconechy
Runtime
Vejle, Denmark
Information générale
Forum:
Internet
Catégorie:
SQL Server
Titre:
Re: Hide Password
Divers
Thread ID:
00408132
Message ID:
00408231
Vues:
22
>I setup a test environment and have a lot of ASP pages getting data
>from a SQL Server in a CRM application.
>
>But I see one security hole. The password to SQL Server is embedded
>in the ASP code so any user code via the password.
>
>I think this would be a common problem how could one solve this??

Users shouldn't be able to download the ASP source from your server so the password should be safe.

It's better to store the password in an application or session variable created in global.ini Theoretically it's even more difficult for the user to get to the global.ini file contents.

To make things even more secure, make all your data access (from the web) through SQL stored procedures. This way you only grant the web user access to the stored procedures and not the actual tables.
Regards
Mark

Microsoft VFP MCP
Menulib - OO Menus for VFP www.hidb.com/menulib
Précédent
Répondre
Fil
Voir

Click here to load this message in the networking platform