Securing SQL2000 Connection Strings

Looking for a way to secure string. Have connect.asp page as an include file, but want to still use dsn-less connection and not have this in an asp page. Though about putting this in the global.asa file. Don't want to create a DSN and give IUSR_ rights to SQL DB.

View Replies


ADVERTISEMENT

Sql2000 Connection

What is the best connection to make with an sql2000 server?

View Replies View Related

Connection Strings

I am developing a website and it's going fine, but i've heard that you shouldn't have your database in the wwwroot, it should be outside/above that.

I've done this (i'm using Dreamweaver MX) so I moved the db, fixed my odbc/dsn, connection string etc, but when I upload now I get this error.

Microsoft JET Database Engineerror '80004005'

'C:Program FilesEnsimSiteDatawebpplianceconfdomainsInet pubwwwrootTesting_SiteDatabasesTesting_Website _DataSource.mdb' is not a valid path. Make sure that the path name is spelled correctly and that you are connected to the server on which the file resides. /Testing_Site/default.asp, line 8

This is line 8: Recordset1.ActiveConnection = MM_TestingConnection_STRING

Is there something that I have missed. It was ok when it was in the wwwroot.

View Replies View Related

Dns Connection Strings

I am using ASP to connect to a simple database to retreive information and also to imput information.What I need is a simple dns connection string syntax to connect and query data.

View Replies View Related

Connection Strings Problem

I am using this connection string (DSNless) for the database driven website.
"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=c:inetpubwwwrootdatabaseInventory.mdb"

where Dreamweaver could connect driver to testing server

but i get this message

"could not use ";file already in use"

what does that mean?

View Replies View Related

Connection Strings Error,

i'm using this string to connect to my database whic resite in the other computer of my network the connection is like this set objconn = server.createobject("ADODB.Connection")

objConn.Open

View Replies View Related

Connection Strings -- Global.asa

1. Connection strings need to be in global.asa file always?
2. How can we encrypt the connection string userid and passwd in global.asa?

View Replies View Related

SECURITY: Best Practices For Handling Connection Strings

I saw a brief blurb on this somewhere and am unable to recall where...

In the context of Security, what are some best practices for
handling -storing, locating, retrieving- database OLEDB connection strings?

I have typically used a single include file and even considered stuffing the
string in a document (XML or otherwise) outside of the root directory. I
know of and have used methods to store connection strings in the registry of
the server. My thinking is the optimal solution involves some form of
encryption and locating the string outside of the site itself. Code:

View Replies View Related

SQL7 And SQL2000

I am currently using asp and sql 2000. I have moved my database to another server that supports only sql7. I only have simple tables. The issue is how different the two are and do I need to change the way I connect to the database in terms of syntax?

View Replies View Related

Trap Primary Key Error (ASP, SP And SQL2000)

I have a table in SQL 2000 with a composite Primary Key on coulumns Instrument_ID (int) and WeekOf (smalldatetime.) I am running asp on win 2003. Code:

View Replies View Related

Securing Files

How do I go about securing download files on my site so users can download those files only by clicking a link and not by typing the files address in the address bar. Is this even possible?...

View Replies View Related

Securing A Folder

I am wriging a web application which cosists of a main directory with all the main code, and a subdirectory with the administration features. althogh the two locations will share configuration resources, I need to protect the admin folder from unauthorised access. I know that in apache their is some kind of authentication (I think it is used through an ".htaccess" command or someting) and I'm wanting to do a similar thing in ASP.

View Replies View Related

Securing ASP Apps

Are there some easy to use (and free) web scanning tools that can check
for security vulnerabilities (SQL injection, cross site attacks) on classic
ASP apps and suggest ways to fix them?

View Replies View Related

Securing A Web Application

Developed a web application which adopts a custom security model which displays a login page and requests a username/password combination. The username works in a mixed-mode of usernames matched with the windows login name and some extra accounts (similar to SQL mixed-mode security). Web application is executed both in the corporate intranet and externally on the web.

Getting user complaints about having to login to the web application when they have already logged-on to windows. I have coded a challenge/response (response.status=401) to get a user's window login through the ServerVariables. This seems to work OK for the intranet access. If the user's windows account is not located in the application database then I redirect to the standard login page for the username/password combination. When the application is executed across the internet through a firewall, the user is prompted by IE to enter the windows domain, username, and password. There seems to be no mechanism to avoid this because of the challenge/response code. I wish that with external access from the internet that users are automatically directed to the application login screen and not faced with the IE windows authentication dialog.
Anyone care to offer a solution?

View Replies View Related

Securing System

I recently developed my first website and I hosted it on my pc.But when I try to access it from other computers, I am able to do that only when I turned the firewall off.Is there any possibility to access my website in internet on providing security to my system?

And one more problem is when ever I access any control on my webpage in internet, I am getting a dailogue box indicating that "connecting to mysite.dnsalias.com" and it is asking for userid and password.If any one knows please tell me why I'm getting the dailogue box and how to avoid getting it.

View Replies View Related

Securing Directory

I have a client who has a password protected page via session that lists a bunch of pdf's.They are a little worried that you are able to browse and see the pdf's via the url without being logged in.

I'm not sure if it's possible or not but is there a way after their username and passord is verified to automatically grant them permisson to view the contents of the pdf directory?

View Replies View Related

Securing A Page

How can I make my asp page secure so that I can sell it and not have people be able to view the code. I know one way to do this would be to make it a component, but I dont really know how to convert ASP into Visual Basic.

View Replies View Related

Securing Web Database

I have a website setup which has MS-Access DB. The web pages are in ASP and uses ADO to connect to DB. The DB is located in the Folder "/Database". I have the Connection string setup in the Global.asa file.

As my virtual Directory is "/" and all files and folders including the "Database" folder are with in the folder so any one who knows the Database
folder name and database name can directly download the database from the
website.

The physical Directory for the virtual directory is: -

d:mywebsite
d:mywebsitedatabase
d:mywebsiteDLLs
d:mywebsiteimages
d:mywebsiteinclude
d:mywebsitestylesheet
d:mywebsite emplate

How Can I restrict the database to be access directly from web? Please suggest all alternatives that I can opt for.

View Replies View Related

Securing A Password

I am using Dreamweaver with ASP VBSCRIPT and want to secure a password that the user puts in and sends to my sql server 2000 database. Can anyone give me any guidance how I could do this?

View Replies View Related

Securing Pages

tell me a way to programmatically with script at the server, reset the current user's security context from the IUSR_ account to a different one? what we'd do is anyone who is already logged in as a customer through our ASP page login setting customer-specific session variables.

we'd programmatically impersonate them as a different windows account,switching them from the anonymous IIS account they start off as. Bottom line is that we don't want them to have to login a 2nd time to get to these new pages. We've got other non-asp files that I cannot simply put behind an ASP-based login, which is why we need to lock the directory down behind Windows security.

View Replies View Related

Securing Text Files

I haven't started programming with databases yet, but instead have been saving data in asp files. The files would look something like this.... Code:

View Replies View Related

Securing Html Files

My client has purchased 'software' - it really is just a series of html documents. I need to ensure that these pages are protected and only those who log in can view them.

I am building an asp/db based login front end to ensure that users have paid for the system. I just do not know how to protect the files from there because they are html. Converting them to asp is not an option.

View Replies View Related

Securing User Data

How can I protect from SQL-injection in this instance?Code:

sql = "
SELECT dbo.admin.id, dbo.admin.email
FROM dbo.admin
WHERE dbo.admin.username = '"&Request.Form("user")&"'"

View Replies View Related

Securing The Database Access

I've learned how to basically access the database. Set ADOConn = Server.CreateObject ("ADODB.Connection")ADOConn.Open "myDataSource", "sa", "ItsASecret" But putting that code in each asp pages or putting it in the global.asa will be insecure. Since if the hacker gets the asp files or the global.asa files they will know the user id and password for the database. In this case, it's "sa" and "ItsASecret".

How can I do it so that they will never see this? I know of a way by using the Metabase.
if I'm not running my own IIS server to do that and that I'm just gonna rent a webspace what are their options? Will they let me change or add this in their metabase? If not, what's the term for securing it? How should I go about securing my database id and password?

View Replies View Related

Securing An Access Database

all my ASP sites use an Access database. Most are parts of our company intranet and i want to protect the databases from being opened but have it so that i can open the tables and make adjustments if needed.

I've tried adding a password to the database but of course that prevents it from being accessed via ASP. Just wondered if anyone had come across this problem and found a viable solution.

View Replies View Related

Securing Word Documents

I intend to send word documents thru mail to my clients. I don't want my clients to save the word document to there system and i don't want them to print the word documents. How can i achieve both the tasks ?

View Replies View Related

Securing ASP Pages After The Horse Has Bolted

I recently put together a site for a friend that needed a database to drive part of it. I tried and failed miserably at trying to learn ASP.NET & PHP so my friend sourced a web developer graduate who said he'd done a CMS for his final degree work. Great I thought, that takes care of the DB side of things.

On the back end, there are 4 web pages that deal with managing the database submissions:

1.) A login page

2.) A page to add a record to the database

3.) A page to delete a record from the database

4.) A page to update a record on the database

The login page has some sort of encryption within its ASP code but is not in protected directory so I guess it's probably subject to a brute force attack, but this I think my friend is prepared to live with as his site is so specialist and low-traffic. Code:

View Replies View Related

Securing A Database Driven Site

Firstly, apologies if this is the wrong section!

Ive created a site using ASP and an Access database. At the moment the database is unprotected, and I haven't used any usernames or passwords to access the database.
Now that development of the core site is almost complete, i want to secure the database.

View Replies View Related

Securing A Directory Of Files In A Password Protected Area

I have a client who has a password protected page (via session) that lists a bunch of pdf's. They are a little worried that you are able to browse and see the pdf's via the url without being logged in.

I'm not sure if it's possible or not but is there a way after their username and passord is verified to automatically grant them permisson to view the contents of the pdf directory?

View Replies View Related

Strings

In a string what is the character I should use to represent an enter?

View Replies View Related

Strings

i am retrieving a record from the database, I am trying to place the value of the FULLNAME field in a textbox on a Form, the Problem is that it only displays half of the name leaving out the stuff that comes after a SPACE.

Example:

adors("fullname").value <--- Actual Value is John Smith
but it only displays John
Code:

<INPUT id=text1 readonly name=txtfullname value=<%=adors("fullname").value%>>

but if I try to just response.write it anywhere on the page then it displays the entire name.

View Replies View Related

Combining 2 Sql Strings

I have 2 SQL strings:

SELECT *
FROM NK_editie " & MM_whereConst & " " & whereClause & "
ORDER BY editie desc

And

SELECT *
FROM NK_editie INNER JOIN NK_edities ON NK_editie.editieid = NK_edities.ID
ORDER BY editie desc

Now I want to combine those 2 to one string.

I have problems to set it up in working order.
My tryout:
SELECT *
FROM NK_editie INNER JOIN NK_edities ON NK_editie.editieid = NK_edities.ID &
" & MM_whereConst & " " & whereClause & "
ORDER BY editie desc

It shows al the records which are joined, only the second string " & MM_whereConst & " " & whereClause & " is not working.

View Replies View Related

Placing Strings Onto Url

I found out a really nice way to keep things on the same page is for any processing page to add on a "?<something>=<something>"

and then just check to see what the something is equal to, and the number represents what you want the front page to show.

However, this <something> shows up on the url listing in a browser. Is there anyway to .. encode it so no one can see it? Like a encode/decode function?

View Replies View Related







Copyrights 2005-15 www.BigResource.com, All rights reserved