We help IT Professionals succeed at work.
Get Started

Hiding my password for my connection string asp classic

324 Views
Last Modified: 2018-01-24
I work for a corporation, to get access to a database, they do not want me to see the password.  they want to hide it in a hidden folder.
If they hid a file in a folder, and give me the path, so my webpage could read it,  that would work.  But I am getting the run around, alot of security jargon, and none of them know asp classic.  
 Is there a preferred way for me to have access to a file that I can not see the password on ?  BY access, I mean using an include statement to pull the password.

Here are some questions they ask or tell me:
  • Can you application utilize properties file with AES encryption on the password? We can also store the credentials to WebUser database


  • Schema owner access is made ONLY through encrypted strings generated by Security Access Management Team
  • o      Passwords must be encrypted or obfuscated to prevent unauthorized access


as Ste5an mentioned, I did leave out some info.  I use a connection string to connect to the database from a web page.  and in that string I hardcode a UserID and password.  so the user using the web page does not have to sign in.  the userID is a process ID.  I also store the passwords on another file on the server, and use include statements to retrieve the passwords.  When I asked them for a password, they wanted to take over my screen, to put in the password, so that I did not see the password.  Once they see my file, they do not want to put it in as text, so that I could see it.  the web page only returns results, no write or update needed.
Comment
Watch Question
IT - Project Manager
CERTIFIED EXPERT
Commented:
This problem has been solved!
Unlock 1 Answer and 3 Comments.
See Answer
Why Experts Exchange?

Experts Exchange always has the answer, or at the least points me in the correct direction! It is like having another employee that is extremely experienced.

Jim Murphy
Programmer at Smart IT Solutions

When asked, what has been your best career decision?

Deciding to stick with EE.

Mohamed Asif
Technical Department Head

Being involved with EE helped me to grow personally and professionally.

Carl Webster
CTP, Sr Infrastructure Consultant
Ask ANY Question

Connect with Certified Experts to gain insight and support on specific technology challenges including:

  • Troubleshooting
  • Research
  • Professional Opinions
Did You Know?

We've partnered with two important charities to provide clean water and computer science education to those who need it most. READ MORE