[lnkForumImage]
TotalShareware - Download Free Software
Confronta i prezzi di migliaia di prodotti.
Asp Forum
 Home | Login | Register | Search 


 

Forums >

microsoft.public.dotnet.framework.odbcnet

Hiding the password and UID in connect strings

farsad nasseri

8/26/2005 3:35:00 PM

Hi

I'm using ASP.NET and VB.Net to connect to a MySQL database. My connection
string is written within the VB.Net code on a button event, so it's not
easily accessed by people viewing the HTML source... However, I don't feel
comfortable with hardcoding my UID and password on the actual code. I haven't
been able to find any way of hiding this UID and password. Can someone please
help me.
2 Answers

Mark Ashton

8/26/2005 7:05:00 PM

0

If they have access to the connection object, putting ''persist security
info=false'' will remove the password from the returned conenction string
once the connection has been opened. This is the default for ADO.NET but
not ADODB.

Don''t hardcode the connectionstring in the application, instead load it from
a config file that has the neccessary NTFS ACLs.

--
This posting is provided "AS IS", with no warranties, and confers no rights.
Please do not send email directly to this alias. This alias is for newsgroup
purposes only.

"farsad nasseri" <farsadnasseri@discussions.microsoft.com> wrote in message
news:A13ACBD1-BF14-4323-8843-7DBD9A26BB63@microsoft.com...
> Hi
>
> I''m using ASP.NET and VB.Net to connect to a MySQL database. My connection
> string is written within the VB.Net code on a button event, so it''s not
> easily accessed by people viewing the HTML source... However, I don''t feel
> comfortable with hardcoding my UID and password on the actual code. I
> haven''t
> been able to find any way of hiding this UID and password. Can someone
> please
> help me.


farsad nasseri

8/27/2005 3:29:00 AM

0

Would you be able to tell me how I can load the connection string from some
config file? and how I can have the necessary NTFS ACLs.?? I''m using VB.Net
and ASP.Net... I have no idea how to do this.. kinda new to this.

"Mark Ashton" wrote:

> If they have access to the connection object, putting ''persist security
> info=false'' will remove the password from the returned conenction string
> once the connection has been opened. This is the default for ADO.NET but
> not ADODB.
>
> Don''t hardcode the connectionstring in the application, instead load it from
> a config file that has the neccessary NTFS ACLs.
>
> --
> This posting is provided "AS IS", with no warranties, and confers no rights.
> Please do not send email directly to this alias. This alias is for newsgroup
> purposes only.
>
> "farsad nasseri" <farsadnasseri@discussions.microsoft.com> wrote in message
> news:A13ACBD1-BF14-4323-8843-7DBD9A26BB63@microsoft.com...
> > Hi
> >
> > I''m using ASP.NET and VB.Net to connect to a MySQL database. My connection
> > string is written within the VB.Net code on a button event, so it''s not
> > easily accessed by people viewing the HTML source... However, I don''t feel
> > comfortable with hardcoding my UID and password on the actual code. I
> > haven''t
> > been able to find any way of hiding this UID and password. Can someone
> > please
> > help me.
>
>
>