better security?????

[pollux0]

this is the globa.asa file to a web page that access our database.
*************************************
<SCRIPT LANGUAGE=VBScript RUNAT=Server>
Sub Session_OnStart

session(&quot;Server&quot = &quot;DSN=***;UID=***;PWD=*******;&quot;

End Sub
</SCRIPT>
**********************************************
If a hacker broke into our server, they can view the glogal.asa file and get the password to our DB. Once they have the password they can wrek havoc...is there a better way?

 

[MadhanaGopal]

If a hacker broke ur NT server, he can view any thing in ur system.After broken the NT Server,u cant do anything to protect viewing Global.asa.
But u can encrypt asp and global.asa files using ASPEncrypt Component.
Refer :

http://www.aspencrypt.com

P.Madhana Gopal,
Principal Software Engineer,
LCube Innovative Solns. Pvt. Ltd.,
India.

 

[pollux0]

is it possible to just write a visual basic application that spits out the password and gives it to the web session. If it is done this way the password is compiled with the VB(.exe) application and the password isnt &quot;up for grabs&quot; on the server. The password is compiled with the program...I dont think its possible for a hacker to un-compile the program. If I need to change the password I just re-compile the program.

 

[MadhanaGopal]

Yes.It is looking a safe method.Make it as a MTS Component.Dont use it as a VB Exe.
If u use this method,u must create a password decryption component in session_onstart.
<SCRIPT LANGUAGE=VBScript RUNAT=Server>
Sub Session_OnStart
Set objpassdecrypt = server.CreateObject(&quot;Package.PassWordDecrption&quot

session(&quot;Server&quot = &quot;DSN=***;UID=***;PWD=&quot; & objpassdecrypt.decrypt(&quot;Encryptedpassword&quot & &quot;;&quot;

Set objpassdecrypt = nothing

End Sub
</SCRIPT>
Try like this. P.Madhana Gopal,
Principal Software Engineer,
LCube Innovative Solns. Pvt. Ltd.,
India.