Open ODBC Connection Without Hardcoding Password

Open ODBC Connection Without Hardcoding Password


In my ASP page, I open an ODBC connection with:

Set Conn = Server.CreateObject("ADODB.Connection")Conn.CommandTimeout = "Database_name","Username","password".

How can I avoid hardcoding the password in the ASP source?


You have a few options. First, you could use a File DSN and include the ID and password inside the file DSN. Then place the File DSN in a directory under NTFS that is not accessible to anybody but the authorized people (and the IUSR_machinename account).

Another option is to not make database calls from the ASP page. Instead have it call a COM component that in turn calls the database. Hide your ID and password inside the compiled COM component, or in the system registry in some weird place.

You could also wait for Windows 2000 which will contain IIS 5.0/COM++, where you can supply the connection string as a string property on a COM++ (previously MTS) package accessible only from the machine itself, and only by authorized users.

See also  5 Tips for Choosing the Right Medical Software for Your Practice

About Our Editorial Process

At DevX, we’re dedicated to tech entrepreneurship. Our team closely follows industry shifts, new products, AI breakthroughs, technology trends, and funding announcements. Articles undergo thorough editing to ensure accuracy and clarity, reflecting DevX’s style and supporting entrepreneurs in the tech sphere.

See our full editorial policy.

About Our Journalist