Database Password

[A.M]

Hi,

We have a web server running ASP.NET app in DMZ zone provided by Cisco PIX
firewall.
The web application is sending user id and password to the database server.
What is the best practice to make the connection string secure?

Thanks,
Ali

 

[Steve C. Orr, MCSD]

You can store your password encrypted in the registry.
Here's more information:
http://msdn.microsoft.com/library/d.../en-us/cpgenref/html/gngrfidentitysection.asp

 

[Jerry III]

Do not store the actual password. Store a hash instead. Unless you're
talking about the connection password, in that case you should use Windows
authentication so the password would not be sent (and encrypt the
connection).

Jerry