By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,504 Members | 1,583 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,504 IT Pros & Developers. It's quick & easy.

best way for protect conn.strings?

P: n/a
hi
what is the best way to protect
the connection strings
keeping an effective, low overheaded access
to them ?

thanks
--
atte,
HernŠn Castelo
SGA - UTN - FRBA
Jul 21 '05 #1
Share this Question
Share on Google+
3 Replies


P: n/a
"best" way will depend on your individual requirements. Here are a couple of
ways in what I think is least to most secure.

1. keep connection string in an include file or set into application
variable in global.asa
2. keep it in a text file that is not accessible through web, read it into
an app var in global.asa.
3. keep it in system registry, read in as needed or put in app var in
global.asa
4. embed it in an activex server-side component and call a method of that
component to open connections.

There are probably other variations as well.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"HernŠn Castelo" <ba*********@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl...
hi
what is the best way to protect
the connection strings
keeping an effective, low overheaded access
to them ?

thanks
--
atte,
HernŠn Castelo
SGA - UTN - FRBA

Jul 21 '05 #2

P: n/a
i'm using the first,
any recommendation for these option ?

the activex and registry approaches
are more expensive, talking in resources... no?

--
atte,
HernŠn Castelo
SGA - UTN - FRBA

"Mark Schupp" <no****@nospam.com> escribiů en el mensaje
news:u5*************@TK2MSFTNGP12.phx.gbl...
"best" way will depend on your individual requirements. Here are a couple of ways in what I think is least to most secure.

1. keep connection string in an include file or set into application
variable in global.asa
2. keep it in a text file that is not accessible through web, read it into
an app var in global.asa.
3. keep it in system registry, read in as needed or put in app var in
global.asa
4. embed it in an activex server-side component and call a method of that
component to open connections.

There are probably other variations as well.

--
Mark Schupp
Head of Development
Integrity eLearning
www.ielearning.com
"HernŠn Castelo" <ba*********@hotmail.com> wrote in message
news:%2****************@TK2MSFTNGP11.phx.gbl...
hi
what is the best way to protect
the connection strings
keeping an effective, low overheaded access
to them ?

thanks
--
atte,
HernŠn Castelo
SGA - UTN - FRBA


Jul 22 '05 #3

P: n/a
The amout of overhead in dealing with connection strings is pretty low considering all of the other issues involved with
storing stuff in memory say like dictionary objects or sessions. Really, the easiest thing to do, especially if you wont be maintaining the
code or you are on a team is to throw it in the global.asa file. They only way to get access to that is if the machine is compromised
in some way. Assuming that you know what you are doing and the server is patched and updated properly, the likelyhood that it will
be an issue is very small.

Bastard

On Thu, 11 Nov 2004 18:27:56 -0300, "HernŠn Castelo" <ba*********@hotmail.com> wrote:
i'm using the first,
any recommendation for these option ?

the activex and registry approaches
are more expensive, talking in resources... no?


Jul 22 '05 #4

This discussion thread is closed

Replies have been disabled for this discussion.