Hello,

(With ASP)

I m looking for "the best" way to secure a connection string (OLE DB or
ODBC) for an Oracle database.
Actually, i m using an include file to open and close the connection with
informations write in clear text.
I would like to permit an acces to the application over internet. How to
secure this string ?

Is it a good idea to write the connection sting in the registry or not ?
Does it exist anothers ways ? And to secure acces i think to create an NT
autentification.? What do you thong about this ?

thanks a lot for your help

fabrice

Thanks a lot
have a nice day.

Fabrice


"Fabrice" <emouchet@spam-infonie.fr> a écrit dans le message de news:
OYlMHgTNFHA.2748@TK2MSFTNGP09.phx.gbl...
[quoted text, click to view]

So are saying that having something like

<%
Dim Conn

Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open "DRIVER=Microsoft Access Driver (*.mdb);DBQ=" &
Server.MapPath("/logo/db/XXX.mdb")
%> at the top of a page
isn't a good thing?? that all connections should be done from an include
page like connection.asp or something??
Jeff
[quoted text, click to view]

[quoted text, click to view]

I'm not sure what was said in this thread that gave you the idea that not
using an include file was not a "good thing".

It's not a "horrible" thing to do. However, think about what you would have
to do if you needed to change the location or name of the database. With an
include file, it's a single edit. Without it, it will involve editing all
the pages, unless you have a tool that allows you to do global
search-and-replace.

The "bad" thing about this connection string is that you are using the
obsolete ODBC driver instead of the Jet OLE DB provider:

Conn.open "provider=microsoft.jet.oledb.4.0;" & _
"data source=" & Server.MapPath("/logo/db/XXX.mdb")

Bob Barrows

--
Microsoft MVP - ASP/ASP.NET
Please reply to the newsgroup. This email account is my spam trap so I
don't check it very often. If you must reply off-line, then remove the
"NO SPAM"