devxlogo

Open ODBC Connection Without Hardcoding Password

Open ODBC Connection Without Hardcoding Password

Why Trust Us

Question:

In my ASP page, I open an ODBC connection with:

Set Conn = Server.CreateObject("ADODB.Connection")Conn.CommandTimeout = 600Conn.open "Database_name","Username","password".

How can I avoid hardcoding the password in the ASP source?

Answer:

You have a few options. First, you could use a File DSN and include the ID and password inside the file DSN. Then place the File DSN in a directory under NTFS that is not accessible to anybody but the authorized people (and the IUSR_machinename account).

Another option is to not make database calls from the ASP page. Instead have it call a COM component that in turn calls the database. Hide your ID and password inside the compiled COM component, or in the system registry in some weird place.

You could also wait for Windows 2000 which will contain IIS 5.0/COM++, where you can supply the connection string as a string property on a COM++ (previously MTS) package accessible only from the machine itself, and only by authorized users.

See also  Why ChatGPT Is So Important Today
devxblackblue

About Our Editorial Process

At DevX, we’re dedicated to tech entrepreneurship. Our team closely follows industry shifts, new products, AI breakthroughs, technology trends, and funding announcements. Articles undergo thorough editing to ensure accuracy and clarity, reflecting DevX’s style and supporting entrepreneurs in the tech sphere.

See our full editorial policy.

About Our Journalist

Charlie Frank

Charlie has over a decade of experience in website administration and technology management. As the site admin, he oversees all technical aspects of running a high-traffic online platform, ensuring optimal performance, security, and user experience.
View Author
Show More