I have several web apps that access an Oracle database
using an ODBC connection. The only place that I know
of to put the ID and Password is in the code and
this is passed to the database. There is no place
in the ODBC setup for password. How do I protect
the file that contains the ID/password ?
1. my web app is authenticated
2. the file that contains the ID/password is in
a separate folder outsite of the authenticated
folder
3. a serverside include is used to include the
file with the ID/password
My problem is determining what combination of
permissions I can use on both the web app folder
and ID/password folder that will allow the authenticated
folder to get the ID/password file but yet not allow
anyone to be able to get to the ID/password file. I
have been unsuccessful so far.
I am running WinNT 4.0 / IIS4.0.
Thanks,
Maureen
using an ODBC connection. The only place that I know
of to put the ID and Password is in the code and
this is passed to the database. There is no place
in the ODBC setup for password. How do I protect
the file that contains the ID/password ?
1. my web app is authenticated
2. the file that contains the ID/password is in
a separate folder outsite of the authenticated
folder
3. a serverside include is used to include the
file with the ID/password
My problem is determining what combination of
permissions I can use on both the web app folder
and ID/password folder that will allow the authenticated
folder to get the ID/password file but yet not allow
anyone to be able to get to the ID/password file. I
have been unsuccessful so far.
I am running WinNT 4.0 / IIS4.0.
Thanks,
Maureen