SECURITY: Best Practices For Handling Connection Strings
I saw a brief blurb on this somewhere and am unable to recall where...
In the context of Security, what are some best practices for
handling -storing, locating, retrieving- database OLEDB connection strings?
I have typically used a single include file and even considered stuffing the
string in a document (XML or otherwise) outside of the root directory. I
know of and have used methods to store connection strings in the registry of
the server. My thinking is the optimal solution involves some form of
encryption and locating the string outside of the site itself. Code:
View Replies
ADVERTISEMENT
What are some best practices for classic ASP security? Can you point me to some "how-to" articles in this regard?
View Replies
View Related
What are the best practices when using a db and include files?
I typically store my connection string in an include file. I then open my db do what I need to and close the connection. I haven't put these in functions. How does everyone else handle the connections are the in functions? in includes?
View Replies
View Related
I am developing a website and it's going fine, but i've heard that you shouldn't have your database in the wwwroot, it should be outside/above that.
I've done this (i'm using Dreamweaver MX) so I moved the db, fixed my odbc/dsn, connection string etc, but when I upload now I get this error.
Microsoft JET Database Engineerror '80004005'
'C:Program FilesEnsimSiteDatawebpplianceconfdomainsInet pubwwwrootTesting_SiteDatabasesTesting_Website _DataSource.mdb' is not a valid path. Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides. /Testing_Site/default.asp, line 8
This is line 8: Recordset1.ActiveConnection = MM_TestingConnection_STRING
Is there something that I have missed. It was ok when it was in the wwwroot.
View Replies
View Related
I am using ASP to connect to a simple database to retreive information and also to imput information.What I need is a simple dns connection string syntax to connect and query data.
View Replies
View Related
I am using this connection string (DSNless) for the database driven website.
"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=c:inetpubwwwrootdatabaseInventory.mdb"
where Dreamweaver could connect driver to testing server
but i get this message
"could not use ";file already in use"
what does that mean?
View Replies
View Related
i'm using this string to connect to my database whic resite in the other computer of my network the connection is like this set objconn = server.createobject("ADODB.Connection")
objConn.Open
View Replies
View Related
1. Connection strings need to be in global.asa file always?
2. How can we encrypt the connection string userid and passwd in global.asa?
View Replies
View Related
Looking for a way to secure string. Have connect.asp page as an include file, but want to still use dsn-less connection and not have this in an asp page. Though about putting this in the global.asa file. Don't want to create a DSN and give IUSR_ rights to SQL DB.
View Replies
View Related
I typically use a VB com component for handling business logic and data processing in my ASP projects.
In the past, if I wanted to get a forms contents into my VB layer I would simply pass it in the call and accept it in VB as a string which I could put into an xmldom object.
I am now experimenting with passing the entire form along as a form object (to be accessed as such in VB as a ASPTypeLibrary.Request type.
I have found two ways to do this.
1. pass the form as above using the listed request type in VB. This works great.
2. Dim up a ASPTypeLibrary.Request object in VB and assign it
GetObjectContext.Item("Request").
Using GetObjectContext is much more difficult to implement if you want to have debugging ability in VB (there are numerous security considerations).
My question is (and thank you for reading this far), do any of you know what the best practices is for a production environment? Can anyone think of any reason why I shouldnt just use the easy method (pass the form and define its type in the argument list for the sub or function)?
View Replies
View Related
I have a asp webapp that must use a .net dll (with com wrapper) that in turn
uses the patterns and practices libraries (june 2005 version) to access to
the database.My asp webapp can properly instantiate the c# dll, but I do not know how to
set the data needed to access the db. In asp.net I can add the configuration
info to web.config, pointing to a dataconfiguration.config and all works fine.
How can I put the needed info in the ASP configuration?
If it is not possible to do so, how can I set a single configuration file
for the enterprise library, provided that their dll are in GAC and that the
can be called from c# exe, asp.net webapps and asp webapps and all of them
should share a single configuration?
View Replies
View Related
When using cookies in classic asp, is it safe to assume that using a comma delimited list of values in one cookie is much more efficient than using multiple cookies? (example below)
Response.Cookies("someCookie") = "101,102,103,104,105,106"
If InStr(Request.Cookies("someCookie"),"103") 0 Then.......
vs.
Response.Cookies("101") = "True"
Response.Cookies("102") = "True"
Response.Cookies("103") = "True"
Response.Cookies("104") = "True"
Response.Cookies("105") = "True"
Response.Cookies("106") = "True"
If Request.Cookies("103") = "True"
Then.....
View Replies
View Related
In a string what is the character I should use to represent an enter?
View Replies
View Related
i am retrieving a record from the database, I am trying to place the value of the FULLNAME field in a textbox on a Form, the Problem is that it only displays half of the name leaving out the stuff that comes after a SPACE.
Example:
adors("fullname").value <--- Actual Value is John Smith
but it only displays John
Code:
<INPUT id=text1 readonly name=txtfullname value=<%=adors("fullname").value%>>
but if I try to just response.write it anywhere on the page then it displays the entire name.
View Replies
View Related
I have 2 SQL strings:
SELECT *
FROM NK_editie " & MM_whereConst & " " & whereClause & "
ORDER BY editie desc
And
SELECT *
FROM NK_editie INNER JOIN NK_edities ON NK_editie.editieid = NK_edities.ID
ORDER BY editie desc
Now I want to combine those 2 to one string.
I have problems to set it up in working order.
My tryout:
SELECT *
FROM NK_editie INNER JOIN NK_edities ON NK_editie.editieid = NK_edities.ID &
" & MM_whereConst & " " & whereClause & "
ORDER BY editie desc
It shows al the records which are joined, only the second string " & MM_whereConst & " " & whereClause & " is not working.
View Replies
View Related
I found out a really nice way to keep things on the same page is for any processing page to add on a "?<something>=<something>"
and then just check to see what the something is equal to, and the number represents what you want the front page to show.
However, this <something> shows up on the url listing in a browser. Is there anyway to .. encode it so no one can see it? Like a encode/decode function?
View Replies
View Related
I'm building a forum, and right now i'm creating the ability to edit posts. As part of this i want to add the usual "Edited by UserName on Date" line at the bottom, but am having problems doing so.
The problems seems to do with formatting the text in the variable with <span>s using stylesheets, or if there are " and ' markes in the post proper (which I can't seemt to remove with Replace). Here's my code:
View Replies
View Related
if i had a string which looked like this :
,apple, orange, grape, tomatoes
how do i remove the first character[,] from the string using the trim() function?
View Replies
View Related
i am having a problem with comparing two strings. I am taking
in the parameter rs("Company") and if this is empty i want to put some
text in there. I am testing it with an empty Company field and comparing
it like so:
temp1=rs("Company")
temp2=StrComp(temp1,NULL)
I have also tried it with
temp2=StrComp(temp1,"")
but each time i get nothing returned. Is there some rule about comparing a
string with an empty string?
View Replies
View Related
I have a search function on my site, and what happens at them moment is the user fills in a text box with their search string, and clicks submit. The search page takes their string, and splits it up where it sees " ".
All fairly simple, what I'd like is to allow the user to enter text in speechmarks, so the script would search for a couple of words together, as well as being able to search for every individual word...
Everyone confused yet?!
e.g If the user enters Dev Shed Forums , then the search would look for every occurance of the strings "Dev", "Shed" and "Forums"
What I want is for the user to be able to enter "Dev Shed" Forums, and the search will look for "Dev Shed" and "Forums"...
View Replies
View Related
I have a list of dates in a sql database that are input as varchar like this 042999
How do I insert / in between the date/month and year
so this 042999 will appear like this 04/29/99
View Replies
View Related
if i've two strings like:Code:
dim pic_name=replace(Request.Form("pic_name"),"'","''")
dim pic_path="pro-details/PICs/"
how could i merge the two strings to get the complete pic-path
View Replies
View Related
< input type=text name="PageTitle" id="PageTitle"
value="<%=strPageTitle%>" >
How do I "escape" any quotes, accidental carriage returns etc that are
contained within strPageTitle? Do I have to use a series of replace()
functions, or is there a cunning way that makes it OK?
(Using escape(strPageTitle) fills the box with % signs...)
View Replies
View Related
I have 2 string
str1="John"
str2="Smith"
I need to join them and then i need to get 6 characters from the left
so here is my code
str3=str1&str2
str4=Left(str3, 6)
I need to see the output as johnsm
but it gives the output as john
View Replies
View Related
I am storing some strings via asp.net in my dbase. The string looks like this:
Well, that`s just a simple level 100 quiz aiming to imprint ""standard random number generators are not really random"" program to those who still lack it. What will produce the following C# snippet? ‘ ....
Now I am reading these values via ASP and need to print them out.
Unfortunaly it does not UnCode the string back so that I can show it to the user. I know I could use the replace function but I wont replace all chars, there are many from this type. What can I do?
View Replies
View Related
I was wondering how do you compare variables that contain text strings in ASP.When I use the following If. Then statement:
If Rs("StyleNo") <> arrStyleNo(aCount) Then
I always get the following error when I try to browse the page:
Error Type:
(0x80020009)
Exception occurred.
View Replies
View Related
I'm trying to see if a certain string matches a predefined string so I've tried:
--------------
If txtCondition3 = "NO THEFT COVER unless client claim free and occupied
prems for 3 yrs" Then
response.write "1st condition"
Else
response.write "2nd condition"
End If
--------------
But I'm getting neither response.
View Replies
View Related
I have a form with multiple text fields, when i submit the form i want it to edit a table in my database using UPDATE. I know i have the syntax correct. The problem I have is 2 fields are Currency and 2 are Date. The request.form command always returns a string and i keep getting the 'Data type mismatch in criteria expression' error. How do i convert the strings to dates, and strings to Currencies.
View Replies
View Related
I am currently developing a registration application for the Boy Scouts. We have paper forms for those who choose not to use a computer to register. The paper forms have a box for each letter so that it is legible. how can i re-create the paper forms with ASP. For those who go online and register they need to print out the youths registration forms and I want them to look like the paper forms.
Now there are a few fields that are mutliple words so it would have to support spaces as well. Is there even a way to do this. I know it is going to be a pain for the good look it is going to be critical. I was thinking of using strings to simply seperate each letter and tell the script to simply repeat until. Is the right way?
View Replies
View Related
Code:
Dim activation_code
activation_code="dkfjla54d2__sd4f__Sdf4sdf63ds2f168sd32f1wef4_" & Right(user,2) & "__sdf984231" & Left(mail,2) & Left(user,2) & "23a1sd_" & " right(mail,2) & hour(now)
its probably syntax error , i dont know how to connect strings and variables , but i though it is right this way , but obviously not ...
View Replies
View Related
i have 2 strings: a value in an array and a variable from some xml. I need to numeriaclly add them together, as they are both strings, using + doesn't work. I have tried cStr but it errors what do I do?
View Replies
View Related
1.
conn.ConnectionTimeout = 60
conn.Open connString
2.
conn.Open connString
conn.ConnectionTimeout = 60
Do both of them give different?
View Replies
View Related
I used to have a piece of code that would generate a random string of
8,16,24 or 32 characters in length.
I got it from this group, does any one have this piece of code?
It will be used for a double opt-in email newsletter.
View Replies
View Related
