|
-
Feb 22nd, 2003, 08:58 AM
#1
Thread Starter
Fanatic Member
Hacking Question
Hi,
Here is something I have been thinking about. Currently, I keep the connection string to the database inside a COM component. This way, if someone hacks into my computer, they cannot get the userid and password to the database.
I was just curious. If I stored my connection string inside the global.asa or the asp page itself, would that be safe. Can someone hack into my server and steal the global.asa or asp page and view my connection string. At that point, they have my userid and password to access my database.
Thanks
Bird of Prey
Mr. Bald Eagle.
[img][/img]
-
Feb 23rd, 2003, 11:58 PM
#2
-
Feb 23rd, 2003, 11:59 PM
#3
More related links (including the above one)
http://www.aspin.com/home/references/security
-
Feb 24th, 2003, 03:10 AM
#4
Thread Starter
Fanatic Member
Thanks Frogman 
Bird of Prey
Mr. Bald Eagle.
[img][/img]
-
Feb 24th, 2003, 09:41 AM
#5
YW, bald eagle.
-
Feb 24th, 2003, 10:26 AM
#6
Frenzied Member
but how do you do it? 
I'm off to GalahTech, hope to see you there.
If you don't like the rules they make, refuse to play their game. -- Steve Ignorant.
-
Feb 24th, 2003, 11:18 AM
#7
Black Cat
Re: Hacking Question
Originally posted by Hawk
Here is something I have been thinking about. Currently, I keep the connection string to the database inside a COM component. This way, if someone hacks into my computer, they cannot get the userid and password to the database.
What if they open your COM component in a hex editor? Unless it's encrypted well, they could still see the string.
Global.asa is a plain text file, all they'd need is read access to that on the file system.
Josh
Get these: Mozilla Opera OpenBSD
I have books for sale: "MCSD in a Nutshell" and "VB Distributed Exam Cram" - PM me for details. Will also trade for a decent ATX Pentium 2 MB/CPU/RAM combo.
-
Feb 24th, 2003, 02:21 PM
#8
Thread Starter
Fanatic Member
Can you give me an example of basic starting encryption? Do you create this encryption in COM also?
Thanks
Bird of Prey
Mr. Bald Eagle.
[img][/img]
-
Feb 25th, 2003, 11:28 AM
#9
Black Cat
Originally posted by Hawk
Can you give me an example of basic starting encryption? Do you create this encryption in COM also?
Thanks
Use a well known publically tested and proven encryption algorithm - you could buy/make/download a COM based DLL (MS has CAPICOM for free), or you could implement the algorithm yourself. Don't even bother with the little encryption algorithms people like to post to sites like Planet Source Code or here, get the open well known ones (DES, 3DES, or whatever).
Josh
Get these: Mozilla Opera OpenBSD
I have books for sale: "MCSD in a Nutshell" and "VB Distributed Exam Cram" - PM me for details. Will also trade for a decent ATX Pentium 2 MB/CPU/RAM combo.
-
Feb 25th, 2003, 04:24 PM
#10
Thread Starter
Fanatic Member
Okie Dokie!
Thanks Josh
Bird of Prey
Mr. Bald Eagle.
[img][/img]
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
Click Here to Expand Forum to Full Width
|
Reply With Quote
