Storing DB username/password for multiple pages

[wey97]

I have an https login page for SQL Server and several other pages that will need to connect with the same login info. Is it safe to store this info. in Session variables to use for the connection?

[veryjonny]

As far as I know session variables are safe in terms of security beczuse they reside on your server.

Are you trying to save the connection string in the session variable, then I guess you can go ahead and save it, but wouldnt that be hard-coing of the string? and later if you need to change the string that would require you recompile the dll. Instead I would suggest that you save the connection string in the web.config file in encrypted format.

[wey97]

As far as I know session variables are safe in terms of security beczuse they reside on your server.

Are you trying to save the connection string in the session variable, then I guess you can go ahead and save it, but wouldnt that be hard-coing of the string? and later if you need to change the string that would require you recompile the dll. Instead I would suggest that you save the connection string in the web.config file in encrypted format.

How can I save to and access it in the Web.Config?

[veryjonny]

in Web.Config

<appSettings>
<add key="ConnStr" value="coneectionstring"/>
</appSettings>

Code:

'To  access in your forms or modules

dim StrConn as string  = Configurationsettings.appsettings("Connstr")

[wey97]

But if my user name and password are not constant then I won't have any choice but to store session variables and tac them onto the end of the connection string, right?

I have a login page to verify the SQL Server login. How can I verify whether the login is correct and redirect to an error page if not or to the correct page if successful?