MS SQL Server - security/connection strings

Discussion in 'Databases' started by _Mark, Aug 27, 2005.

Thread Status:
Threads that have been inactive for 5 years or longer are closed to further replies. Please start a new thread.
  1. Wonder if anyone can help someone new to MS SQL...have just upsized an Access mdb to SQL. With the old Access connection string, I could connect to the MDB in a protected folder using a simple virtual path.

    However, I notice with the MS SQL connection string, contained within a config.asp file, I have to use:
    Provider=sqloledb;Data Source=mssql02,1433;User Id=DB_123456_databasename_user;Password=*****; (I've changed the Id and blanked out the password here, but the password is in plain text in the config.asp file).

    Doesn't this pose a security risk at all, and is there another way of doing this? I'm worried that if a person could get access to the config.asp file, it would potentially give them access to the web-based control panel where they could wreak all sorts of havoc...I'm sure that they wouldn't need the brains of a rocket scientist to work out where and how to log in.

    Or am I being paranoid?

    Thanks, Mark
     
  2. Bruce

    Bruce DiscountASP.NET Staff

    Web users cannot access the script source, so they should not be able to read your connection string.

    Bruce

    DiscountASP.NET
    www.DiscountASP.NET
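
Added example, not part of the original thread: the reply above covers files the server runs as scripts, so this check lists every file that embeds a password in an sqloledb connection string and marks the ones whose extension is not handled by the script engine. The `EXECUTED_EXTENSIONS` set, the file names other than config.asp, and the password value are assumptions constructed for the illustration.

```python
import re
from pathlib import PurePosixPath

# Assumption: only these extensions are mapped to the script engine on this site.
EXECUTED_EXTENSIONS = {".asp"}

# An OLE DB connection string as in the thread, up to the closing quote or line end.
CONN_RE = re.compile(r"Provider\s*=\s*sqloledb\s*;[^\"'\r\n]*", re.IGNORECASE)
SECRET_RE = re.compile(r"\b(password|pwd)\s*=\s*[^;]*", re.IGNORECASE)


def parse_connection_string(text):
    """Split 'key=value;' pairs into a dict with lower-cased keys."""
    fields = {}
    for part in text.split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip().lower()] = value.strip()
    return fields


def audit(files):
    """Return one finding per connection string that embeds a password."""
    findings = []
    for name, content in sorted(files.items()):
        for match in CONN_RE.finditer(content):
            fields = parse_connection_string(match.group(0))
            if not (fields.get("password") or fields.get("pwd")):
                continue
            ext = PurePosixPath(name).suffix.lower()
            findings.append({
                "file": name,
                "user": fields.get("user id", fields.get("uid", "")),
                # True: not run as a script, so any response would carry the source.
                "outside_script_engine": ext not in EXECUTED_EXTENSIONS,
                "redacted": SECRET_RE.sub(r"\1=<redacted>", match.group(0)),
            })
    return findings


# Constructed sample: file name -> content (the password value is made up).
_CONN = ('Provider=sqloledb;Data Source=mssql02,1433;'
         'User Id=DB_123456_databasename_user;Password=example-only;')
SAMPLE_FILES = {
    "config.asp": '<%\nConst CONN_STRING = "' + _CONN + '"\n%>',
    "config.asp.bak": '<%\nConst CONN_STRING = "' + _CONN + '"\n%>',
    "readme.txt": "No credentials in this file.",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE_FILES):
        print(finding)
```

To audit a real site, build the `files` mapping from the web root and set `EXECUTED_EXTENSIONS` to match the server's actual handler mappings.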
     