SQLServer Auth Methods

  • Thread starter Thread starter Tina
  • Start date Start date
T

Tina

In asp.net 1.1 what are the best ways to connect to sql server? I know that
putting a password and a user ID in the connection string, in the web config
is probably not the most secure. What about authorizing aspnet to access
the database? then there is no need for password and uid.

What about having the UID/Password in code in the global.asax.vb module -
then it would not be as visible as it is in the WebConfig.

I know we can encrypt the connectionstring in 2.0 but I don't think that's
possible in 1.1.

Thanks,
Tina
 
I know that putting a password and a user ID in the connection string in
the web config is probably not the most secure.
Click to expand...

There's an argument for saying that if your security is so awful that
unauthorised people are able to read your web.config, then its contents
really are the least of your worries... :-)
What about authorizing aspnet to access the database? then there is no
need for password and uid.
Click to expand...

If you're talking about integrated security, that's correct.
What about having the UID/Password in code in the global.asax.vb module -
then it would not be as visible as it is in the WebConfig.
Click to expand...

Again, if your code is visible, you really need to seek professional
advice...
I know we can encrypt the connectionstring in 2.0 but I don't think that's
possible in 1.1.
Click to expand...

Why not? Cryptography has been built into .NET since v1.0...
 
If you are in position to setup integrated security, it is a good choice. By
"in position" I mean an ability to control the database server to get it to
accept windows logins from asp.net and to setup database access rights.

--
Eliyahu Goldin,
Software Developer & Consultant
Microsoft MVP [ASP.NET]
http://msmvps.com/blogs/egoldin
http://usableasp.net
 
Back
Top