How to hide password from database connection string?

Discussion in 'Databases' started by sawtontape, Feb 16, 2007.

Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.
  1. Hello,

    I want to know if it's possible to hide a password from a connection string or go around somehow so the password would be invisible? The reason I want to do that is because our webpages are located in a different domain and people that own that domain do not need to know our database password... but they have to connect to our database and use stored procedures and alter tables, but I don't want them to go to our database and edit any stored procedures or see them for that matter...

    I was thinking that one way to go around this would be by creating an extra database user, limiting his permissions or roles and having those people on the other domain use a connection string with that new user. Although first of all I am not sure if it's possible to create that sort of limitation on a user, does anyone know if it is?
    And secondly, I couldn't add the user to my database. I created a user in the discountasp panel and there they had a link to a tutorial to connect the user to the database using Enterprise Manager. Unfortunately I don't have SQL 2000 on my computer, neither do I have Enterprise Manager. I couldn't find an option for adding a user in MyLittleAdmin, so I tried another software called Aqua Data Studio. There they have that option, but it's not working for some reason, although they provide the code with which they try to add a user to a database. Here is the code:

    sp_adduser N'SATUser', N'SATUser'
    GO
    EXEC sp_addrolemember 'public', 'SATUser'

    but it returns the following error:

    EXECUTE permission denied on object 'sp_adduser', database 'master', owner 'dbo'.

    Is there SQL code available to add a user to a database that I can insert into a query analyzer?

    But first of all, is it even possible to create a user with limited access permissions to the database? Or are there other ways of hiding a password from a query string?

    Please let me know,

    Thanks in advance
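
The restricted-user idea raised in this post, as an added example that is not part of the original thread: a database user that can run named stored procedures but cannot read their source or change objects. It assumes SQL Server 2005 or later, that the login SATUser already exists, and that the script is run by the database owner; `OurDatabase`, `dbo.usp_GetOrders` and `dbo.usp_SaveOrder` are hypothetical names.

```sql
-- Added example, not code from the thread.
-- Assumptions: SQL Server 2005+, login SATUser already created by the host's
-- control panel, script run as the database owner.
-- Hypothetical names: OurDatabase, dbo.usp_GetOrders, dbo.usp_SaveOrder.

USE OurDatabase;   -- work in your own database, not in master
GO

-- Map the existing login to a user in this database. The new user belongs
-- only to the public role, so it has no rights beyond what public was given.
CREATE USER SATUser FOR LOGIN SATUser;
GO

-- Grant EXECUTE only on the procedures the remote pages call. No table
-- permissions are granted: procedures owned by dbo can reach dbo tables
-- through ownership chaining, so the user never touches tables directly.
GRANT EXECUTE ON OBJECT::dbo.usp_GetOrders TO SATUser;
GRANT EXECUTE ON OBJECT::dbo.usp_SaveOrder TO SATUser;

-- Explicitly block reading object definitions and altering anything in dbo.
-- A DENY wins over any later GRANT made through a role.
DENY VIEW DEFINITION ON SCHEMA::dbo TO SATUser;
DENY ALTER ON SCHEMA::dbo TO SATUser;
GO

-- Check the result from the user's point of view.
-- HAS_PERMS_BY_NAME returns 1 when the permission is held, 0 when it is not.
EXECUTE AS USER = 'SATUser';
SELECT
    HAS_PERMS_BY_NAME('dbo.usp_GetOrders', 'OBJECT', 'EXECUTE')         AS can_execute,
    HAS_PERMS_BY_NAME('dbo.usp_GetOrders', 'OBJECT', 'VIEW DEFINITION') AS can_view_source,
    HAS_PERMS_BY_NAME('dbo.usp_GetOrders', 'OBJECT', 'ALTER')           AS can_alter_proc,
    HAS_PERMS_BY_NAME('dbo', 'SCHEMA', 'ALTER')                         AS can_alter_schema;
REVERT;
GO
```

The password in the remote connection string is still readable with this setup; what changes is that it belongs to an account limited to the granted procedures.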
     
  2. Bruce

    Bruce DiscountASP.NET Staff

    Do you mean you want to encrypt web.config's connection string in your own local IIS server or our server?


    Bruce

    DiscountASP.NET
    www.DiscountASP.NET
     
  3. I am sorry, I guess I didn't mention where the connection string is located.


    Basically here is the situation:


    The database connection string is located in an ASP file on one domain, that domain is not owned by us, but that connection string connects to our database that is located on our/different domain.


    I don't want the password to be shown in that connection string.

    I don't know how to go about this. Can I encrypt a database connection string inside a web.config file and then point the ASP file to it? I've never done that. I just don't want the password shown in the ASP file of that connection string. I am open to any suggestions.
     
  4. Oh, and both domains are run from your (discountasp) host site.
     
  5. Your server, to be even more clear...
     
  6. The connection string is defined in a separate ASP file on their domain, but that file is still available for viewing so the password can be found. Are there any other ways to go about this?
     
  7. We're not allowed to encrypt our web.config here.


    Classic ASP doesn't make use of a web.config anyway.


    Pretty much a standard with classic ASP has been placing the connection string in another file/location on the server.


    You can for example create another ASP page that specifies a DSN on the server:


    <%
    Dim myMain_STRING
    myMain_STRING = "dsn=thename;uid=username;pwd=password;"
    %>
     
  8. Thanks for all the responses, but I guess the only good way to go about this is to encrypt the web.config file, but unfortunately, we're not allowed to do that, so I am out of luck on this one.
     
  9. Bruce

    Bruce DiscountASP.NET Staff
