strategy : global.asa ... or something else

[dorum]

Hi,

It's a strategy prbl.

My connection string to the database is in the global.asa file.(of course)

ok ... but anyone can see my password if he/she access the file with a simple editor.(or someone who hack the site)
so ... witch is the best way to avoid that ??

10x

D.

 

[Tarwn]

I generally create an include file with functions that I am going to reuse in a site. I'll usually have a header function, a footer function, and a connection string footer (at minimum). Then I save it with a .asp extension so that if anyone does access it they only get an empty page.

-Tarwn

_{01000111 01101111 01110100 00100000 01000011 01101111 01100110 01100110 01100101 01100101 00111111}

http://www.tiernok.com/

The never-completed website

 

[mwolf00]

The global.asa file is the best place. If they hack your site, then you have bigger problems than where you keep your connection. They could find it no matter where you put it. You need to protect it with you IIS/Server and firewall.

Programming today is a race between software engineers striving to build better and bigger idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. - Rick Cook

 

[mwolf00]

Tarwyn,

"if anyone does access it they only get an empty page"

Isn't this true of the global.asa file also?

Programming today is a race between software engineers striving to build better and bigger idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. - Rick Cook

 

[dorum]

Hi,

first of all, 10x for the reply.

ok, but is the inc file accessible ? I meen from the

http://www ,

or u can incude a file from outside (directory) where the site is hosted (eg: c:\My Documents

In this way a hacker can NOT access it !!

10x

D.

 

[mwolf00]

Fighting hackers is more difficult than having things in include files. First thing I suggest is not having the site located in the c:\inetpub\

http://wwwroot

directory. Another suggestion is to have the entire directory be "read only". I'm currently associated with a site which has numerous hack attempts on a daily basis. The person in charge of security says that in addition to the above, you need multiple layers of defense for truly secure site. Of course, he is a guru and can gain access to the backend of almost any site (including many banking ones - kinda scary).

Programming today is a race between software engineers striving to build better and bigger idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. - Rick Cook

 

[dorum]

hi,

U'r absolutly right about this ..but look in the past..
how many SPs did u install ??? ) (and u will, in the future )

anyway..the fact is I don't care about the cod ,what i'm afraid is my passwords in wrong hands !

so...is it possible tu include a file from outside (virtual) directory ?

D.

 

[mwolf00]

virtual directories are not "outside" but you could use an absolute path to a page that is not in your root folder. Be advised that this will not keep a hacker away from it though. Basically what I am trying to say is that your protection should not be at the asp level - if they get there, you're fried.

Programming today is a race between software engineers striving to build better and bigger idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. - Rick Cook

 

[dorum]

least i'm not fired ;-]

ok i'll think about it and choose the right solution

10q mwolf00 & Tarwn

D.