I am working with our web developer to find a way to connect to our AS/400 from ASP.NET running on Server 2003. My first inclination is to create a database DLL that connects to the AS/400 and returns various data elements from Stored Procedures. I can hard code a connection string in the DLL that I create with C# to access the AS/400 database. The access to our AS/400 can be limited to calling only a select group of stored procedures. The ASP.NET application would simply utilize the DLL to connect to the AS/400.
We could also store the connection string in the Web.Config file on the ASP server. I understand that if our server gets hacked, that connection string could be viewed.
Is there a best practice for this kind of connection? Anybody doing ASP connecting to the AS/400 (System-i)?