Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > SECURITY: Best Practices for Handling Connection Strings

Reply
Thread Tools

SECURITY: Best Practices for Handling Connection Strings

 
 
Ryan N.
Guest
Posts: n/a
 
      02-11-2004
Hello,
I saw a brief blurb on this somewhere and am unable to recall where...

In the context of Security, what are some best practices for
handling -storing, locating, retrieving- database OLEDB connection strings?

I have typically used a single include file and even considered stuffing the
string in a document (XML or otherwise) outside of the root directory. I
know of and have used methods to store connection strings in the registry of
the server. My thinking is the optimal solution involves some form of
encryption and locating the string outside of the site itself.

What about storing the connection string in a database? -just seeing if you
were awake (-;

Links to articles or other such resources will be greatly appreciated.

--
Cheers!

Ryan N.
---------------------------------
Funny...this worked yesterday....


 
Reply With Quote
 
 
 
 
[ + 2 0 r p 3 ]
Guest
Posts: n/a
 
      02-11-2004
i usually store my connection string in a application variable located in
the global.asa file.

ie

application("conn") = "yourconnectionstring"

the other thing i was just thinking about the other day was to include it in
a dll. havent tried it yet, but cant see why its not possible.

"Ryan N." <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> Hello,
> I saw a brief blurb on this somewhere and am unable to recall where...
>
> In the context of Security, what are some best practices for
> handling -storing, locating, retrieving- database OLEDB connection

strings?
>
> I have typically used a single include file and even considered stuffing

the
> string in a document (XML or otherwise) outside of the root directory. I
> know of and have used methods to store connection strings in the registry

of
> the server. My thinking is the optimal solution involves some form of
> encryption and locating the string outside of the site itself.
>
> What about storing the connection string in a database? -just seeing if

you
> were awake (-;
>
> Links to articles or other such resources will be greatly appreciated.
>
> --
> Cheers!
>
> Ryan N.
> ---------------------------------
> Funny...this worked yesterday....
>
>



 
Reply With Quote
 
 
 
 
Ryan N.
Guest
Posts: n/a
 
      02-11-2004
Thanks for the response.

Some observations...

I can see some potential issues with keeping a connection string within a
compiled dll in that if the server configuration settings change the dll
will have to be rebuilt and redeployed.

Application variables are a viable option as long as there is only one
application within the site -or very few for that matter.

What other 'Best Practice' ideas are out there?

--
Cheers!

Ryan N.
---------------------------------
Funny...this worked yesterday....
"[ + 2 0 r p 3 ]" <(E-Mail Removed)> wrote in message
news:%(E-Mail Removed)...
> i usually store my connection string in a application variable located in
> the global.asa file.
>
> ie
>
> application("conn") = "yourconnectionstring"
>
> the other thing i was just thinking about the other day was to include it

in
> a dll. havent tried it yet, but cant see why its not possible.
>
> "Ryan N." <(E-Mail Removed)> wrote in message
> news:%(E-Mail Removed)...
> > Hello,
> > I saw a brief blurb on this somewhere and am unable to recall where...
> >
> > In the context of Security, what are some best practices for
> > handling -storing, locating, retrieving- database OLEDB connection

> strings?
> >
> > I have typically used a single include file and even considered stuffing

> the
> > string in a document (XML or otherwise) outside of the root directory.

I
> > know of and have used methods to store connection strings in the

registry
> of
> > the server. My thinking is the optimal solution involves some form of
> > encryption and locating the string outside of the site itself.
> >
> > What about storing the connection string in a database? -just seeing if

> you
> > were awake (-;
> >
> > Links to articles or other such resources will be greatly appreciated.
> >
> > --
> > Cheers!
> >
> > Ryan N.
> > ---------------------------------
> > Funny...this worked yesterday....
> >
> >

>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Exception handling best practices? csharper ASP .Net 4 10-20-2010 10:41 PM
error handling best practices MaksimKneller C++ 22 08-26-2010 04:48 PM
Best practices resource/guidance for strings Cs Webgrl Ruby 6 07-03-2010 06:12 PM
Best Practices for handling sensitve data in the UI Bill Fuller ASP .Net 5 08-13-2007 08:30 PM
Error Handling - Best Practices =?Utf-8?B?U2FuZHk=?= ASP .Net 4 05-07-2005 03:08 PM



Advertisments