best way for protect conn.strings?

[Hernán Castelo]

hi
what is the best way to protect
the connection strings
keeping an effective, low overheaded access
to them ?

thanks

 

[Mark Schupp]

"best" way will depend on your individual requirements. Here are a couple of
ways in what I think is least to most secure.

1. keep connection string in an include file or set into application
variable in global.asa
2. keep it in a text file that is not accessible through web, read it into
an app var in global.asa.
3. keep it in system registry, read in as needed or put in app var in
global.asa
4. embed it in an activex server-side component and call a method of that
component to open connections.

There are probably other variations as well.

 

[Hernán Castelo]

i'm using the first,
any recommendation for these option ?

the activex and registry approaches
are more expensive, talking in resources... no?

 

[Bã§TãRÐ]

The amout of overhead in dealing with connection strings is pretty low considering all of the other issues involved with
storing stuff in memory say like dictionary objects or sessions. Really, the easiest thing to do, especially if you wont be maintaining the
code or you are on a team is to throw it in the global.asa file. They only way to get access to that is if the machine is compromised
in some way. Assuming that you know what you are doing and the server is patched and updated properly, the likelyhood that it will
be an issue is very small.

Bastard