473,387 Members | 1,517 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > asp / active server pages > questions > connection string in global.asa

Join Bytes to post your question to a community of 473,387 software developers and data experts.

Connection String in global.asa

Hi everybody,
I currently have my SQL Server connection string in an
Application variable in the global.asa.

Could that be a security risk?

I have heard that with Cold Fusion, when there is a page error.... the
actual Connection String is written to the screen as part of the error
page....

I'm quite sure that would not occur in ASP but just wanted to be sure,
and get a few expert opinions....

*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!
Jul 19 '05 #1
1 4466
> I have heard that with Cold Fusion, when there is a page error.... the
actual Connection String is written to the screen as part of the error
page....
That sounds kind of weird to me...
I'm quite sure that would not occur in ASP but just wanted to be sure,
and get a few expert opinions....


global.asa should be fine, as long as you're not running a very early and
unpatched version of IIS 4.0.

Keep in mind, though, that your ASP pages are only as secure as the server
they're hosted on. No matter how deep you bury your connection string, it
is accessible to anyone who can penetrate the file system. Even if you bury
your connection string in a DLL, if your ASP pages can access it, then an
intruder could write an ASP page that uses response.write to display it (or,
if the connection string isn't a property, they could retrieve information
from running commands directly against the database via the DLL).

It's all about trade-offs...

--
Aaron Bertrand
SQL Server MVP
http://www.aspfaq.com/
Jul 19 '05 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

1
Global connection string to Access Databse
by: Colin Graham | last post by:
i am currently developing an asp.net web application which is linked to an Access database. The main problem that i have is in creating a global pathname that i can access. When i put my string...
Microsoft Access / VBA
4
global sql connection string and deadlocking error
by: Mark | last post by:
OK. Here we go. I have an ASP.NET application that does many hits to a SQL Server DB on a separate server. When I first created this application (2 years ago) and was very new to ASP/ASP.NET, to...
ASP.NET
4
Connection String
by: A.M | last post by:
Hi, I have an encrypted database connection string stored in web.config file and i need to have the connection string several times in my application. What would be the best way to have that...
ASP.NET
35
Making a database connection global
by: Terry Jolly | last post by:
Web Solution Goal: Have a global database connection Why: (There will be 30+ tables, represented by 30+ classes) I only want to reference the database connection once. I put the connection...
ASP.NET
3
using global variables in the database connection string
by: frothpoker | last post by:
Guys, I'm sure this has been asked a million times but I can't seem to formulate a google search that returns what i'm looking for. I've go a dev and live environment. Currently the DB...
PHP
20
Connection pooling question
by: fniles | last post by:
I am using VS2003 and connecting to MS Access database. When using a connection pooling (every time I open the OLEDBCONNECTION I use the exact matching connection string), 1. how can I know how...
Visual Basic .NET
3
Database connection pooling in ASPx
by: fniles | last post by:
In the Windows application (using VB.NET 2005) I use connection pooling like the following: In the main form load I open a connection using a connection string that I stored in a global variable...
ASP.NET
9
SQL Server connection pooling
by: fniles | last post by:
I am using VB.NET 2003 and SQL 2005. To use connection pooling and avoid the error "There is already an open DataReader associated with this Connection which must be closed first." , I understand...
Visual Basic .NET
4
Error in remote connection to SQL Server
by: glbdev | last post by:
Hi. I am having an problem connecting to a remote SQL Server. Other applications (using access) are connection to it but I cannot get it to work through ASP.Net. Here is my connection string:...
ASP.NET
1
Passing LINQ a dynamic connection string
by: Dean Slindee | last post by:
VS2008, .NetFramework 3.5 SP1: I have built a LINQ data access layer project. When the LINQ data context was built over an existing SQL2005 database, the connection string for that database was...
Visual Basic .NET
0
Easy Steps to Fix "Canon Printer Won't Connect to WiFi Network"
by: taylorcarr | last post by:
A Canon printer is a smart device known for being advanced, efficient, and reliable. It is designed for home, office, and hybrid workspace use and can also be used for a variety of purposes. However,...
General
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!