dcsimg
Results 1 to 10 of 10

Thread: Hacking Question

  1. #1

    Thread Starter
    Fanatic Member
    Join Date
    Jun 2000
    Location
    Forest
    Posts
    545

    Hacking Question

    Hi,

    Here is something I have been thinking about. Currently, I keep the connection string to the database inside a COM component. This way, if someone hacks into my computer, they cannot get the userid and password to the database.

    I was just curious. If I stored my connection string inside the global.asa or the asp page itself, would that be safe. Can someone hack into my server and steal the global.asa or asp page and view my connection string. At that point, they have my userid and password to access my database.

    Thanks
    Bird of Prey

    Mr. Bald Eagle.
    [img][/img]

  2. #2
    ASP.NET Moderator mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,174

  3. #3
    ASP.NET Moderator mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,174
    More related links (including the above one)
    http://www.aspin.com/home/references/security

  4. #4

    Thread Starter
    Fanatic Member
    Join Date
    Jun 2000
    Location
    Forest
    Posts
    545
    Thanks Frogman
    Bird of Prey

    Mr. Bald Eagle.
    [img][/img]

  5. #5
    ASP.NET Moderator mendhak's Avatar
    Join Date
    Feb 2002
    Location
    Ulaan Baator GooGoo: Frog
    Posts
    38,174
    YW, bald eagle.

  6. #6
    Frenzied Member msimmons's Avatar
    Join Date
    Jul 2001
    Location
    Houston, TX
    Posts
    1,057
    but how do you do it?
    I'm off to GalahTech, hope to see you there.

    If you don't like the rules they make, refuse to play their game. -- Steve Ignorant.

  7. #7
    Black Cat JoshT's Avatar
    Join Date
    Nov 2000
    Location
    WNY, USA
    Posts
    4,032

    Re: Hacking Question

    Originally posted by Hawk

    Here is something I have been thinking about. Currently, I keep the connection string to the database inside a COM component. This way, if someone hacks into my computer, they cannot get the userid and password to the database.
    What if they open your COM component in a hex editor? Unless it's encrypted well, they could still see the string.

    Global.asa is a plain text file, all they'd need is read access to that on the file system.
    Josh
    Get these: Mozilla Opera OpenBSD
    I have books for sale: "MCSD in a Nutshell" and "VB Distributed Exam Cram" - PM me for details. Will also trade for a decent ATX Pentium 2 MB/CPU/RAM combo.

  8. #8

    Thread Starter
    Fanatic Member
    Join Date
    Jun 2000
    Location
    Forest
    Posts
    545
    Can you give me an example of basic starting encryption? Do you create this encryption in COM also?

    Thanks
    Bird of Prey

    Mr. Bald Eagle.
    [img][/img]

  9. #9
    Black Cat JoshT's Avatar
    Join Date
    Nov 2000
    Location
    WNY, USA
    Posts
    4,032
    Originally posted by Hawk
    Can you give me an example of basic starting encryption? Do you create this encryption in COM also?

    Thanks
    Use a well known publically tested and proven encryption algorithm - you could buy/make/download a COM based DLL (MS has CAPICOM for free), or you could implement the algorithm yourself. Don't even bother with the little encryption algorithms people like to post to sites like Planet Source Code or here, get the open well known ones (DES, 3DES, or whatever).
    Josh
    Get these: Mozilla Opera OpenBSD
    I have books for sale: "MCSD in a Nutshell" and "VB Distributed Exam Cram" - PM me for details. Will also trade for a decent ATX Pentium 2 MB/CPU/RAM combo.

  10. #10

    Thread Starter
    Fanatic Member
    Join Date
    Jun 2000
    Location
    Forest
    Posts
    545
    Okie Dokie!

    Thanks Josh
    Bird of Prey

    Mr. Bald Eagle.
    [img][/img]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  



Featured


Click Here to Expand Forum to Full Width