Hiding my password for my connection string asp classic

I work for a corporation, to get access to a database, they do not want me to see the password.  they want to hide it in a hidden folder.
If they hid a file in a folder, and give me the path, so my webpage could read it,  that would work.  But I am getting the run around, alot of security jargon, and none of them know asp classic.  
 Is there a preferred way for me to have access to a file that I can not see the password on ?  BY access, I mean using an include statement to pull the password.

Here are some questions they ask or tell me:
  • Can you application utilize properties file with AES encryption on the password? We can also store the credentials to WebUser database


  • Schema owner access is made ONLY through encrypted strings generated by Security Access Management Team
  • o      Passwords must be encrypted or obfuscated to prevent unauthorized access


as Ste5an mentioned, I did leave out some info.  I use a connection string to connect to the database from a web page.  and in that string I hardcode a UserID and password.  so the user using the web page does not have to sign in.  the userID is a process ID.  I also store the passwords on another file on the server, and use include statements to retrieve the passwords.  When I asked them for a password, they wanted to take over my screen, to put in the password, so that I did not see the password.  Once they see my file, they do not want to put it in as text, so that I could see it.  the web page only returns results, no write or update needed.
Jim SchwetzWeb SpecialistAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ManjuIT - Project ManagerCommented:
Well, Whenever I use ASP + MS SQL, this is what i follow:

in MS SQL - I'll create a SA authentication. i.e., ask your IT/database team to create a db user and db password with read / read & write permissions.

in Classic ASP - Use intranet authentication to connect & use an include file for SQL connections.

Ex:

in ASP - Include file should look something like this,

Dim strNTUser, iPos
strNTUser = RTrim(Request.ServerVariables("LOGON_USER"))
iPos = Len(strNTUser) - InStr(1, strNTUser,"\",1)
strNTUser = Right(strNTUser, iPos)


Set Conn = Server.CreateObject("ADODB.Connection")
set rs = Server.CreateObject("ADODB.recordset")

Conn.Open "Provider=sqloledb;Data Source=Servername;Initial Catalog=DBName;User Id=SAUserID;Password=SAPassword;" 

Open in new window

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ste5anSenior DeveloperCommented:
Sounds like either there is some information missing. Otherwise it sounds like nonsense.

You need to clarfiy the roles of administration and development. A developer does not have to know the production passwords, but a adminstrator has to.

Thus you should simply show them how they need to setup your application.
Jim SchwetzWeb SpecialistAuthor Commented:
Thanks for your input. I did put my passwords on another file.  Now to go redo my other programs so they all use the same type of password includes.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
ASP

From novice to tech pro — start learning today.