Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

how to hide DB connection string on ASP page?

Status
Not open for further replies.
volk125

volk125

Technical User
Jul 10, 2003
76
CA
I need to find a good and very secure way to hide my database connection string in an ASP page. What's the best practice?
 
Sort by date Sort by votes
Why do you need to do that? Who is going to see it that you don't want to see it? It will never show up on the client side, so you don't have to worry about view source.

Tracy Dryden

Meddle not in the affairs of dragons,
For you are crunchy, and good with mustard. [dragon]
 
Upvote 0 Downvote
As an extension of Tracy's comment... the only people that might see your ASP code are other people with access to the server.

If you need to hide it from other web developers and system administrators, you could write a little COM object that returns an ADO Connection object that is already connected... at least then your connection string will be compiled into the binary.

Anyone willing and able to decompile your code to get a connection string is likely skilled enough to get it into your database via some other means. You don't have to make it impossible, you just don't want to your ASP to be the "low hanging fruit.
 
Upvote 0 Downvote
What about programs like Teleport that can download the contents of your website. I'm sure there are a few others that are even better and can basically retrieve the asp files. And then view them locally. Maybe I'm not understanding something about ASP security but I think it's possible. Any input?
 
Upvote 0 Downvote
Yes they retrieve the output of the ASP files, since any request to the server for an ASP page runs the page through the scripting engine before delivering the final results to the requesting agent.

Lee
 
Upvote 0 Downvote
Active Server Pages

Pages that run on the SERVER.

The output from a page is what gets served by the webserver, not the source. anyone accessing via HTTP will only get served what they are permitted to see as a result of executing the ASP file. view-source will provide you with what they see.

Of course if you have a poorly configured webserver, anything is posssible.. but if your webserver is open enough to get the SOURCE asp files, then the connection string is the least of your worries.


If you want to see the raw response from your webserver try this:

[tt]telnet your_webservers_address_or_ip 80[/tt]
(e.g. [tt]telnet 80[/tt])

and once connected type:

[tt]GET / HTTP/1.1[/tt]

press return twice.
..that is everything a user will get from the webserver for the default document - including headers etc, you should be able to see that anything inside the <% %> bits of your ASP page are not visible.

A smile is worth a thousand kind words. So smile, it's easy! :)
 
Upvote 0 Downvote
no further explanations required. appreciated everyone's response. thank you
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

penguinspeaks
  • Locked
  • Question
Return to current location on page after asp processes.
Replies
2
Views
187
penguinspeaks
penguinspeaks
leifoet
  • Locked
  • Question
How to send HTML emails with ASP classic?
Replies
0
Views
234
leifoet
leifoet
penguinspeaks
  • Locked
  • Question
write HTML code within ASP line
Replies
1
Views
255
xwb
xwb
leifoet
  • Locked
  • Question
How to check if a datatable is empty ?
Replies
0
Views
179
leifoet
leifoet
penguinspeaks
  • Locked
  • Question
READ TEXT FILE BASED ON VARIABLE 1
Replies
2
Views
177
guitarzan
guitarzan

Part and Inventory Search

Sponsor

Back
Top