Connecting from ASP to SQL
-
If have a ASP that connects to my SQL database. What is at risk. If the ASP passes the SQL account and password is it encrypted or does it send it clear text. Is it sufficient to lock down the ASP page so no one can view the SQL account & password. Looking for any words of wisdom on this subject or point me to some reading I can do on this. Thanks
-
I would prefer to set up IIS so that it uses a trusted connection to SQL Server. Then when the user logs in have a user table that does the security for the online app.
Gary Johnson
Microsoft Natural Language Group
DBA, Sr. DB EngineerThis posting is provided "AS IS" with no warranties, and confers no rights. The opinions expressed in this post are my own and may not reflect that of my employer.
-
Gary,
Is there someplace this process is documented? I'd love to get rid of connection strings, but our primary IIS server accesses a large number of databases each of which has unique security characteristics.
-
One of the better articles I've seen on this (sorry it's on another site) is here: http://www.15seconds.com/Issue/020715.htm
Viewing 4 posts - 1 through 3 (of 3 total)
You must be logged in to reply to this topic. Login to reply