Login | Register   
LinkedIn
Google+
Twitter
RSS Feed
Download our iPhone app
TODAY'S HEADLINES  |   ARTICLE ARCHIVE  |   FORUMS  |   TIP BANK
Browse DevX
Sign up for e-mail newsletters from DevX


Tip of the Day
Language: Active Server Pages (ASP)
Expertise: Beginner
Dec 16, 1999

Open ODBC Connection Without Hardcoding Password

Question:

In my ASP page, I open an ODBC connection with:

Set Conn = Server.CreateObject("ADODB.Connection")
Conn.CommandTimeout = 600
Conn.open "Database_name","Username","password".

How can I avoid hardcoding the password in the ASP source?

Answer:

You have a few options. First, you could use a File DSN and include the ID and password inside the file DSN. Then place the File DSN in a directory under NTFS that is not accessible to anybody but the authorized people (and the IUSR_machinename account).

Another option is to not make database calls from the ASP page. Instead have it call a COM component that in turn calls the database. Hide your ID and password inside the compiled COM component, or in the system registry in some weird place.

You could also wait for Windows 2000 which will contain IIS 5.0/COM++, where you can supply the connection string as a string property on a COM++ (previously MTS) package accessible only from the machine itself, and only by authorized users.

DevX Pro
 
Comment and Contribute

 

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Sitemap
Thanks for your registration, follow us on our social networks to keep up-to-date