We help IT Professionals succeed at work.

Dreamweaver Connection String Security?

Slim81
Slim81 asked
on
Hey Guys and Gals,
I have just created my first connection to an MYSQL db that is located on the hosting server.  I use Dreamweaver to built my sites using Classic ASP.

The specific connection string I found here on experts-exchange had me plug in the IP address (local machine IP I believe 127.0.0.1, I connect from my workstation to the hosting server via a tunnel, hopefully that makes sense!), db name, user name, and password.

Am I crazy in thinking that is isn't very secure?  Doesn't this give all the information needed to gain access to my db?  Wouldn't someone simply have to go to whateversite.com/connections (as this is the default dreamweaver connections folder) and they could somehow find my connection string?

I had been using an Access DB for years and I was able to place the .mdb file in a private folder that didn't allow for the db to be downloaded.  I am new to mySQL and I believe it can not be "downloaded" the same way, but doesn't giving the db name, user name, password compromise the security?

Any information you guys have would help!

Thanks
Comment
Watch Question

Don't talk to me.
Commented:
Hi Slim81,

The connection string is stored as ASP code and called as an ASP include.  So unless your server is configured to show directory contents if no default page (index etc) is present, no one can get the name of the file with the connection strings.    But let's assume someone guess that name and browses straight to the file.  Because the details are in server-side code, nothing gets returned to the browser (the user would see a blank screen) again assuming your server is functioning properly.

So it's fairly safe.