SECURITY: Best Practices for Handling Connection Strings

Discussion in 'ASP General' started by Ryan N., Feb 11, 2004.

  1. Ryan N.

    Ryan N. Guest

    Hello,
    I saw a brief blurb on this somewhere and am unable to recall where...

    In the context of Security, what are some best practices for
    handling -storing, locating, retrieving- database OLEDB connection strings?

    I have typically used a single include file and even considered stuffing the
    string in a document (XML or otherwise) outside of the root directory. I
    know of and have used methods to store connection strings in the registry of
    the server. My thinking is the optimal solution involves some form of
    encryption and locating the string outside of the site itself.

    What about storing the connection string in a database? -just seeing if you
    were awake (-;

    Links to articles or other such resources will be greatly appreciated.

    --
    Cheers!

    Ryan N.
    ---------------------------------
    Funny...this worked yesterday....
    Ryan N., Feb 11, 2004
    #1
    1. Advertising

  2. i usually store my connection string in a application variable located in
    the global.asa file.

    ie

    application("conn") = "yourconnectionstring"

    the other thing i was just thinking about the other day was to include it in
    a dll. havent tried it yet, but cant see why its not possible.

    "Ryan N." <> wrote in message
    news:%...
    > Hello,
    > I saw a brief blurb on this somewhere and am unable to recall where...
    >
    > In the context of Security, what are some best practices for
    > handling -storing, locating, retrieving- database OLEDB connection

    strings?
    >
    > I have typically used a single include file and even considered stuffing

    the
    > string in a document (XML or otherwise) outside of the root directory. I
    > know of and have used methods to store connection strings in the registry

    of
    > the server. My thinking is the optimal solution involves some form of
    > encryption and locating the string outside of the site itself.
    >
    > What about storing the connection string in a database? -just seeing if

    you
    > were awake (-;
    >
    > Links to articles or other such resources will be greatly appreciated.
    >
    > --
    > Cheers!
    >
    > Ryan N.
    > ---------------------------------
    > Funny...this worked yesterday....
    >
    >
    [ + 2 0 r p 3 ], Feb 11, 2004
    #2
    1. Advertising

  3. Ryan N.

    Ryan N. Guest

    Thanks for the response.

    Some observations...

    I can see some potential issues with keeping a connection string within a
    compiled dll in that if the server configuration settings change the dll
    will have to be rebuilt and redeployed.

    Application variables are a viable option as long as there is only one
    application within the site -or very few for that matter.

    What other 'Best Practice' ideas are out there?

    --
    Cheers!

    Ryan N.
    ---------------------------------
    Funny...this worked yesterday....
    "[ + 2 0 r p 3 ]" <> wrote in message
    news:%...
    > i usually store my connection string in a application variable located in
    > the global.asa file.
    >
    > ie
    >
    > application("conn") = "yourconnectionstring"
    >
    > the other thing i was just thinking about the other day was to include it

    in
    > a dll. havent tried it yet, but cant see why its not possible.
    >
    > "Ryan N." <> wrote in message
    > news:%...
    > > Hello,
    > > I saw a brief blurb on this somewhere and am unable to recall where...
    > >
    > > In the context of Security, what are some best practices for
    > > handling -storing, locating, retrieving- database OLEDB connection

    > strings?
    > >
    > > I have typically used a single include file and even considered stuffing

    > the
    > > string in a document (XML or otherwise) outside of the root directory.

    I
    > > know of and have used methods to store connection strings in the

    registry
    > of
    > > the server. My thinking is the optimal solution involves some form of
    > > encryption and locating the string outside of the site itself.
    > >
    > > What about storing the connection string in a database? -just seeing if

    > you
    > > were awake (-;
    > >
    > > Links to articles or other such resources will be greatly appreciated.
    > >
    > > --
    > > Cheers!
    > >
    > > Ryan N.
    > > ---------------------------------
    > > Funny...this worked yesterday....
    > >
    > >

    >
    >
    Ryan N., Feb 11, 2004
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. =?Utf-8?B?U2FuZHk=?=

    Error Handling - Best Practices

    =?Utf-8?B?U2FuZHk=?=, May 6, 2005, in forum: ASP .Net
    Replies:
    4
    Views:
    575
    =?Utf-8?B?U2FuZHk=?=
    May 7, 2005
  2. Bill Fuller
    Replies:
    5
    Views:
    368
    sloan
    Aug 13, 2007
  3. MaksimKneller

    error handling best practices

    MaksimKneller, Aug 23, 2010, in forum: C++
    Replies:
    22
    Views:
    1,191
  4. csharper

    Exception handling best practices?

    csharper, Oct 19, 2010, in forum: ASP .Net
    Replies:
    4
    Views:
    1,190
    Felix Palmen
    Oct 20, 2010
  5. Cs Webgrl
    Replies:
    6
    Views:
    112
    Josh Cheek
    Jul 3, 2010
Loading...

Share This Page