remove connection information from the global.asa file

=?Utf-8?B?U3lsdmFpbg==?= wrote on 26 apr 2006 in
microsoft.public.inetserver.asp.general:

Here's my problem:

I have actually an asp web site which use the global.asa file to
connect to the database but for security reason, I want to put
username and password information (or the complete connection string)
in a seperate file so only a special user could read these
informations.

Is someone knows how to do this ?

I don't understand.

Global.asa is unreadable from the outside,
just like the seperate file you wanted,
and both are readable for the site programmer by ftp or whatever.

================

If you want you can put an include file in the top of all
..asp files you need to access the db in:

<!--#include virtual ="/dir/openDb.asp"-->


--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

Hi !

Thanks for your answer. In fact, the reason why I want to separate
connection information from the global.asa file is because even the developer
should not have access to username and password, only one user (implementer)
and the application. Developer can have access to global.asa code without
being able to see the username and password.

I don't know if it is possible but if so, I'd like to have username and
password info in only one separate file and affect the value to my connection
string in global.asa.

Thanks for your answers.

"Evertjan." wrote:

=?Utf-8?B?U3lsdmFpbg==?= wrote on 26 apr 2006 in
microsoft.public.inetserver.asp.general:

Here's my problem:

I have actually an asp web site which use the global.asa file to
connect to the database but for security reason, I want to put
username and password information (or the complete connection string)
in a seperate file so only a special user could read these
informations.

Is someone knows how to do this ?

I don't understand.

Global.asa is unreadable from the outside,
just like the seperate file you wanted,
and both are readable for the site programmer by ftp or whatever.

================

If you want you can put an include file in the top of all
..asp files you need to access the db in:

<!--#include virtual ="/dir/openDb.asp"-->


--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

In classic ASP, this is not possible without using a COM dll, perhaps
created in VB6.

Sylvain wrote:

Hi !

Thanks for your answer. In fact, the reason why I want to separate
connection information from the global.asa file is because even the
developer should not have access to username and password, only one
user (implementer) and the application. Developer can have access to
global.asa code without being able to see the username and password.

I don't know if it is possible but if so, I'd like to have username
and password info in only one separate file and affect the value to
my connection string in global.asa.

Thanks for your answers.

"Evertjan." wrote:

=?Utf-8?B?U3lsdmFpbg==?= wrote on 26 apr 2006 in
microsoft.public.inetserver.asp.general:

Here's my problem:

I have actually an asp web site which use the global.asa file to
connect to the database but for security reason, I want to put
username and password information (or the complete connection
string)
in a seperate file so only a special user could read these
informations.

Is someone knows how to do this ?

I don't understand.

Global.asa is unreadable from the outside,
just like the seperate file you wanted,
and both are readable for the site programmer by ftp or whatever.

================

If you want you can put an include file in the top of all
..asp files you need to access the db in:

<!--#include virtual ="/dir/openDb.asp"-->


--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"

Sylvain wrote:

Thanks for your answer. In fact, the reason why I want to separate
connection information from the global.asa file is because even the
developer should not have access to username and password, only one
user (implementer) and the application. Developer can have access to
global.asa code without being able to see the username and password.

I don't know if it is possible but if so, I'd like to have username
and password info in only one separate file and affect the value to
my connection string in global.asa.

Aside from Bob's suggestion, you can deny your developer access to your
production environment. Allow him a development environment, complete with
test databases (and test connection parameters).

Even in this scenario, a clever developer might try to embed something that
will reveal the DB credentials to him once his code is moved over. You might
mitigate this by creating a custom class/function that returns an open
connection without exposing any credentials.

--
Dave Anderson

Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.