Securing ASP Data Access

27 Oct 2001 | by | Filed in
Page 1 of 7
  1. Introduction
  2. The Problems
  3. The Problems (2)
  4. Enter the Metabase
  5. Preparing the Metabase
  6. Preparing the Metabase (2)
  7. Storing Values

Introduction

As an ASP programmer, I am always writing code that accesses databases. Many applications, such as Site Server, Commerce Server, SharePoint, and Content Management Server provide their own API that helps an ASP programmer tie into this data in a secure and efficient way. That's nice if you have access to these remarkably expensive platforms, but what about the rest of us? Well, you could roll up your sleeves and just whip off a couple COM objects; however unless you are a crewmember of the starship Voyager, such miracles are unlikely.

Usually, what it comes down to is something more like this:

Set ADOConn = Server.CreateObject ("ADODB.Connection")
ADOConn.Open "myDataSource", "sa", "ItsASecret"

We need less than a second glance to see why this is bad. Any hacker who manages to view the ASP code will now have full access to your database server as well.

You might also like...

Comments

About the author

Thomas C. Carpe United States

I have been working in IT since 1993. I founded CarpeDiem Business Internet Systems in 1995. In 2000 we incroporated and took on two partners. Its really a grat lot of fun, and I enjoy working o...

Interested in writing for us? Find out more.

ASP (3.0) tutorials

ASP (3.0) books

ASP (3.0) forum discussion

ASP (3.0) podcasts

  • Hanselminutes: Startup Series: Buying an Existing Small Company or Online Application

    Published 8 years ago, running time 0h34m

    Scott talks to Rob Walling about how he purchases small niche products and companies online and revitalizes them. He recently purchased an existing product that consisted of a 300 gig database and tens of thousands of lines of Classic ASP. How did he know it was valuable? What's next?

Contribute

Why not write for us? Or you could submit an event or a user group in your area. Alternatively just tell us what you think!

Web Development

Developer Jobs

Our tools

We've got automatic conversion tools to convert C# to VB.NET, VB.NET to C#. Also you can compress javascript and compress css and generate sql connection strings.

Cancel
“We should forget about small efficiencies, say about 97% of the time: premature optimization is the root of all evil.” - Donald Knuth