473,405 Members | 2,415 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > javascript > questions > i am using javascript,can anyone see my connection string on client side?

Join Bytes to post your question to a community of 473,405 software developers and data experts.

I am using javascript,can anyone see my connection string on client side?

In Asp.net Page
Expand|Select|Wrap|Line Numbers
  1. <script type="text/javascript"><!-- 
  2.  
  3.             function Showlogin(){popup.Show();}
  4.  
  5.             function Showloginx()
  6.             {
  7.                 var s,usr,pass;
  8.  
  9.                 var connection = new ActiveXObject("ADODB.Connection");
  10.  
  11.                 var connectionstring="Connection string";
  12.                 s="exec auser '" + tbLogin.GetText() + "','" + tbPassword.GetText() + "'";
  13.  
  14.  
  15.         connection.Open(connectionstring);
  16.  
  17.  
  18.  
  19.         var rs = new ActiveXObject("ADODB.Recordset");
  20.  
  21.                 rs.Open(s , connection);
  22.                 rs.MoveFirst
  23.                 if(rs.eof)
  24.                 {                  
  25.                     alert("Invalid User ID Or Password")
  26.                 }
  27.                 else
  28.                 {
  29.                     popup.Hide();
  30.                 }
  31.  
  32.                 rs.close;
  33.                 connection.close;
  34.  
  35.                 //popuplogin.Hide();
  36.  
  37.             }
  38.  
  39. //--></script>
Aug 9 '10 #1

✓ answered by gits

doing such passwordvalidation clientside is worthless at all - a medium skilled user could simply modify the script and login without any username or password ... and even putting a simple alert would show the connection-string ... just avoid such things and always check auths serverside.

Besides that ActiveX could just be used with IE only - so in case the app should ever run in another browser the code would even need to be adapted ... and best adapted to run serverside in that case ...

6 1920
johny10151981
1,059 1GB
From my understanding i can say no one is seeing your connection string.

But my question is this way necessary and convenient at all?
Aug 9 '10 #2
i am building a e commerce application, my add to cart button work on JavaScript and JavaScript execute on client side, so the script must be at client side, and if someone want to search for the script in temp folder or another system location, and he got the connection sting, means it can access my data directly, and i will be in big trouble,
Aug 9 '10 #3
johny10151981
1,059 1GB
If the user name and password is not given by the user and given by you, then it mean it is the most stupid design on earth.

Who is providing the password? you or the client. If client provide the password architecture wont allow to see the password. but if the password is given by you that mean any one can see your username and password form any simple browser. Now can you give me a more detail about what are you trying to do?
Aug 9 '10 #4
gits
5,390 Expert Mod 4TB
doing such passwordvalidation clientside is worthless at all - a medium skilled user could simply modify the script and login without any username or password ... and even putting a simple alert would show the connection-string ... just avoid such things and always check auths serverside.

Besides that ActiveX could just be used with IE only - so in case the app should ever run in another browser the code would even need to be adapted ... and best adapted to run serverside in that case ...
Aug 9 '10 #5
Actually Connection string is DSN:129.21.23.1;DatabaseName;dbuser;dbpass;provide r
and if anyone get it, any one can change data of my database without any problem
Aug 9 '10 #6
gits
5,390 Expert Mod 4TB
as was said already - you shouldn't publish that to the client ... with javascript in fact you do that.
Aug 9 '10 #7

Sign in to post your reply or Sign up for a free account.

Similar topics

2
Tables - server-side vs. client-side?
by: Bill S. | last post by:
I am starting to build quite a few pages that will have tables of data from an SQL database. I have been building the table rows on the server side in VBScript, but I have been thinking about...
ASP / Active Server Pages
1
Using A Dynamic Connection String for Access Pass Through Queries.
by: timandsuzi36 | last post by:
Here's the issue. Appreciate any help any Access gurus can offer. I have a .NET WinForms application that needs to launch a Access DB application used for generating Access Reports. That part...
Microsoft Access / VBA
12
Using encrypted dB connection string
by: Charlie | last post by:
Hi: My host will not allow me use a trusted connection or make registry setting, so I'm stuck trying find a way to hide connection string which will be stored in web.config file. If I encrypt...
ASP.NET
4
Run Server-side Function *immediately after* executing client-side JavaScript.
by: Guadala Harry | last post by:
Suppose I have a hyperlink that, when clicked, executes a JavaScript function on the client. Separately I have a button that, when clicked, causes a post back and executes a server-side function,...
ASP.NET
1
Problem in using "Button1.Attributes.Add " for client side script for Validations
by: Anup | last post by:
In my form I and doing validations using 'Javascript' as I m using ASP1.1 and there is very less support for Validators there. //Code Behind private void Page_Load(object sender,...
C# / C Sharp
3
handle javascript errors on the client side from arbitrary sites
by: figelwump | last post by:
Hello, I'd like to be able to write an application that runs on a Windows XP machine and can capture and handle javascript errors from any web site that a user might encounter while using IE on...
Javascript
1
check if the file is opened before uploading using javascript
by: lipsa | last post by:
hello all, 1-i m uploading an excel sheet(VB/ASP.NET).before uploading i want to check if the file to be uploaded is opened or not.if opened alert the user.i want to do it at the client side(using...
Javascript
2
Retrieving client side control value using servre VB.NET
by: Kevin Humphreys | last post by:
Hi There, Is it possible to retrieve a client side control value using server VB.NET? Thanks, Kevin.
ASP.NET
1
Please help Reading a file using javascript from server
by: rajarya | last post by:
Hi , I need to read a file(xml file) froma location in server by my client side HTML+Javascript code ,I did this using JSP,but now my requirement has been changed and I donot want any server side...
Javascript
6
open a new browser window without using javascript
by: bushi | last post by:
hi everyone! i have diplayed my hyperlinks in a iframe.when i redirect to next page.the next page also open in the same frame,but i want to open a new browser window,when i click on the...
ASP.NET
0
How to turn on java script in a villaon keypad mobile phone
by: Charles Arthur | last post by:
How do i turn on java script on a villaon, callus and itel keypad mobile phone
Java
0
Migrating Website to Cloud - Emmanuel Katto
by: emmanuelkatto | last post by:
Hi All, I am Emmanuel katto from Uganda. I want to ask what challenges you've faced while migrating a website to cloud. Please let me know. Thanks! Emmanuel
General
0
BarryA
Navigating the Data Structures and Algorithms (DSA)
by: BarryA | last post by:
What are the essential steps and strategies outlined in the Data Structures and Algorithms (DSA) roadmap for aspiring data scientists? How can individuals effectively utilize this roadmap to progress...
Algorithms / Advanced Math
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing
0
The easy way to turn off automatic updates for Windows 10/11
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows...
Windows Server
0
isladogs
Access Europe - Using VBA to create a class based on a table - Wed 1 May
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new...
Microsoft Access / VBA

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!