Library tutorials & articles

Securing ASP Data Access

By Thomas C. Carpe, published on 27 Oct 2001
Page 1 of 7
  1. Introduction
  2. The Problems
  3. The Problems (2)
  4. Enter the Metabase
  5. Preparing the Metabase
  6. Preparing the Metabase (2)
  7. Storing Values

Introduction

As an ASP programmer, I am always writing code that accesses databases. Many applications, such as Site Server, Commerce Server, SharePoint, and Content Management Server provide their own API that helps an ASP programmer tie into this data in a secure and efficient way. That's nice if you have access to these remarkably expensive platforms, but what about the rest of us? Well, you could roll up your sleeves and just whip off a couple COM objects; however unless you are a crewmember of the starship Voyager, such miracles are unlikely.

Usually, what it comes down to is something more like this:

Set ADOConn = Server.CreateObject ("ADODB.Connection")
ADOConn.Open "myDataSource", "sa", "ItsASecret"

We need less than a second glance to see why this is bad. Any hacker who manages to view the ASP code will now have full access to your database server as well.

Comments

  1. kruelintent
    18 Mar 2004 at 05:32

    Very impressive.


    Having been battling with ASP database security it is nice to know the solution is out there although it is still quite worrying that database security is quite so vunerable without going to these extremes.


    Thanks.


    Tom.

  2. kruelintent
    18 Mar 2004 at 05:32

    Very impressive.


    Having been battling with ASP database security it is nice to know the solution is out there although it is still quite worrying that database security is quite so vunerable without going to these extremes.


    Thanks.


    Tom.

  3. caster_troy
    23 Jul 2002 at 10:12
    Is this the end of the article?
  4. Developer Fusion Bot
    01 Jan 1999 at 00:00

    This thread is for discussions of Securing ASP Data Access.

Leave a comment

Sign in or Join us (it's free).

Related tags

asp
Thomas C. Carpe I have been working in IT since 1993. I founded CarpeDiem Business Internet Systems in 1995. In 2000 we incroporated and took on two partners. Its really a grat lot of fun, and I enjoy working on t...
AddThis

Related articles

Ask a question

Related discussion

Related podcasts

  • Scott Guthrie

    Scott catches up with Scott Guthrie in an interview covering Ajax, Asp 2.0, extender controls, CSS adapters and more.

Events coming up

Languages

Web Development

Frameworks & Architecture

Other major sections

Cancel
We'd love to hear what you think! Submit ideas or give us feedback