Re: securing ODBC connection details in ASP app's on IIS 6

From: Ken Schaefer (kenREMOVE_at_THISadOpenStatic.com)
Date: 11/06/03 

Date: Thu, 6 Nov 2003 22:14:35 +1100

a) If you are using ODBC you can use a DSN, which stores the details in the
registry. You can secure the relevant registry keys (if you're afraid
someone might connect across the network), or even disable the Remote
Registry service (if you are sure you don't need it).

b) If you are using something like SQL Server, you might be able to move to
using Integrated Windows Authentication, which means that your ASP/ASP.Net
pages (or whatever you're running) will connect using the user context that
the actual page is running under (no need to specify a username/password
anywhere)

Cheers
Ken

"slyi" <sly_i@hotmail.com> wrote in message
news:7171601.0311060237.27edbd23@posting.google.com...
: Hi All,
: I have a web app that uses IIS 5 Metabase to store ODBC
: connection details as described here
: (http://www.devarticles.com/art/1/592).
:
: Our comapany would like to migrate their win2k server to Windows 2003
: to increase the security but when i try to add the custom class's
: using the metaschema.vbs script in the artical on a windows 2003
: server i get errors and the class doesnt get created sucessfully.
: This script works fine on win2k. I know the metabase schema has
: changed a lot since IIS 5.
:
: Is there any built-in class's in ISS 6 Metabase schema that would have
: that has the same functionality(can securely store datasource,
: username and password) or does anyone have an update to this great and
: useful script.
:
: If not does anyone know of another/better way to securely store/access
: DB connection details etc apart from plain text in global.asa.
:
: Thanks for your help and thoughts
:
: slyi

Relevant Pages

  • Re: Disable Cert Check under WM5
    ... The password has an association with the "Secure" registry state. ... Just missed the previous post by Carl Wolz ... ... > still need a cert if you are syncing SSL ...
    (microsoft.public.pocketpc.activesync)
  • RE: Problems authenticating server for SSLStream negotiation
    ... A utility loads the PFX file, which includes the private key, then stores that in the registry. ... The PFX was built at the server by importing our certificate, and then exporting to PFX, supplying the password, choosing to include the private key, and to NOT delete the key after export. ...
    (microsoft.public.dotnet.security)
  • Re: secure folder sharing?
    ... > records in order to secure our default sharing folders ... There is a registry entry for this. ... of many security issues. ... The best idea to secure your computer is to follow ...
    (microsoft.public.win2000.security)
  • RE: Where to store application expiration date in a trial app
    ... You say "Such as the Registry" making the assumption that it is a "secure ... So where is the most secure place to store ... obj as AssemblyConfigurationAttribute; ...
    (microsoft.public.dotnet.languages.csharp)
  • Re: NeedhHelp with fax wizard
    ... but the Fax module is the updated version of Win XP Fax and I see nothing there that stores the number of the last recipient. ... It doesn't store every person you fax to in the registry, ... hoping there is a registry key that would turn this feature back on. ... This is entered manually into the fax wizard pages. ...
    (microsoft.public.windowsxp.print_fax)