SECURITY: Best Practices for Handling Connection Strings

R

Ryan N.

Hello,
I saw a brief blurb on this somewhere and am unable to recall where...

In the context of Security, what are some best practices for
handling -storing, locating, retrieving- database OLEDB connection strings?

I have typically used a single include file and even considered stuffing the
string in a document (XML or otherwise) outside of the root directory. I
know of and have used methods to store connection strings in the registry of
the server. My thinking is the optimal solution involves some form of
encryption and locating the string outside of the site itself.

What about storing the connection string in a database? -just seeing if you
were awake (-;

Links to articles or other such resources will be greatly appreciated.
 
2

[ + 2 0 r p 3 ]

i usually store my connection string in a application variable located in
the global.asa file.

ie

application("conn") = "yourconnectionstring"

the other thing i was just thinking about the other day was to include it in
a dll. havent tried it yet, but cant see why its not possible.
 
R

Ryan N.

Thanks for the response.

Some observations...

I can see some potential issues with keeping a connection string within a
compiled dll in that if the server configuration settings change the dll
will have to be rebuilt and redeployed.

Application variables are a viable option as long as there is only one
application within the site -or very few for that matter.

What other 'Best Practice' ideas are out there?

--
Cheers!

Ryan N.
---------------------------------
Funny...this worked yesterday....
i usually store my connection string in a application variable located in
the global.asa file.

ie

application("conn") = "yourconnectionstring"

the other thing i was just thinking about the other day was to include it in
a dll. havent tried it yet, but cant see why its not possible.

Ryan N. said:
Hello,
I saw a brief blurb on this somewhere and am unable to recall where...

In the context of Security, what are some best practices for
handling -storing, locating, retrieving- database OLEDB connection strings?

I have typically used a single include file and even considered stuffing the
string in a document (XML or otherwise) outside of the root directory. I
know of and have used methods to store connection strings in the
Click to expand...
registry
Click to expand...
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Exception Handling Practices / Patterns 7
Exception handling best practices? 4
Database usage best practices 11
Best practices resource/guidance for strings 6
connection to db best practices 6
Best Practices for handling sensitve data in the UI 5
XML Database Best Practices 9
ASP.NET Forms Authentication Best Practices 0

Members online

Total: 42 (members: 4, guests: 38)
Robots: 452

Forum statistics

Threads
473,767
Messages
2,569,572
Members
45,046
Latest member
Gavizuho

Latest Threads

Top