Sylvain wrote:
Thanks for your answer. In fact, the reason why I want to separate
connection information from the global.asa file is because even the
developer should not have access to username and password, only one
user (implementer) and the application. Developer can have access to
global.asa code without being able to see the username and password.
I don't know if it is possible but if so, I'd like to have username
and password info in only one separate file and affect the value to
my connection string in global.asa.
Aside from Bob's suggestion, you can deny your developer access to your
production environment. Allow him a development environment, complete with
test databases (and test connection parameters).
Even in this scenario, a clever developer might try to embed something that
will reveal the DB credentials to him once his code is moved over. You might
mitigate this by creating a custom class/function that returns an open
connection without exposing any credentials.
--
Dave Anderson
Unsolicited commercial email will be read at a cost of $500 per message. Use
of this email address implies consent to these terms.