...

View Full Version : encrypting a connection string in classic ASP



Baleric
10-22-2007, 03:16 AM
hello,

I would like to 1 way encrypt my query string for a 2005 sql database,
everything i find is only used for .net

can someone please guide me in the right direction?


Thanks in advance

Baleric

Spudhead
10-22-2007, 08:39 AM
Have a look on 4guysfromrolla, there's an article on there that does a version of (I think) rc4 encryption. Mind, I had all sorts of trouble making it work and eventually gave up and did my crypting in PHP.

Baleric
10-23-2007, 03:49 AM
i cant get the thing working... it encrypts and send it into the DB, but i want the string encrypted inside the asp file, so if someone gets to it, they cant see the connection string and passwords to my DB

Spudhead
10-23-2007, 11:43 AM
I don't think you can encrypt part of a file. So:

You could keep your connection string in a separate file, and decrypt it each time. That might have a significant performance impact, though.

You could take your connection string out of text files altogether and use a DSN connection. I don't know how possible that is for you or how it would impact your application.

Or, you could take the view that I'd subscribe to and consider that if someone's got access your your unparsed ASP files, then your server's been pretty comprehensively, err, pwned... and shutting the stable door on your database is gonna be the least of your worries :D



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum