DB Password in ASP

Posted on 2012-08-20
Last Modified: 2012-08-23
I have a simple aspx page located under /inetpub/wwwroot that contains a db username and password to a MSSQL database.  My question is, is the password safe from someone browsing my site?  After the file loaded in my browser, I did not see it under View Code, but I am wondering if there is another trick that I am not aware of.

Here is the code:

ConnString="DRIVER={SQL Server};SERVER=myservername;UID=myusername;" & _ 

Open in new window

Question by:jekautz
    LVL 5

    Accepted Solution

    Good evening!  Some variant of this scenario is how many / most classic ASP sites maintained connection string details.  As long as your credentials are not sent to the output buffer (using Response.Write or the like), or stored in a file that is not processed by the ASP runtime, this should be safely interpreted server side and never rendered for the client.  Here's a SO link that mentions this:
    LVL 26

    Expert Comment

    by:Alan Warren
    Hi jekautz,

    No, absolutely not, nothing on the Internet is secure.
    Your web.config is as secure as your login credentials with your host provider, or your ftp login credentials, which your site most likely publishes as an 'A' record in it's DNS.

    The military gave us 128 bit encryption with Win 95, because it is worthless to them, they can crack it in an instant.

    In regard to the average user, your web.config is secure, but to the powers that be... no way!

    I'm not a pessimist, I'm a realist.

    Alan ";0)

    Featured Post

    How to improve team productivity

    Quip adds documents, spreadsheets, and tasklists to your Slack experience
    - Elevate ideas to Quip docs
    - Share Quip docs in Slack
    - Get notified of changes to your docs
    - Available on iOS/Android/Desktop/Web
    - Online/Offline

    Join & Write a Comment

    If you don't have the right permissions set for your WordPress location in IIS, you won't be able to perform automatic updates. Here's how to fix the problem.
    Using in-flight Wi-Fi when you travel? Business travelers beware! In-flight Wi-Fi networks could rip the door right off your digital privacy portal. That’s no joke either, as it might also provide a convenient entrance for bad threat actors.
    Hi everyone! This is Experts Exchange customer support.  This quick video will show you how to change your primary email address.  If you have any questions, then please Write a Comment below!
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now