June 21, 2010
How to Secure an MS SQL Connection String in ASP.NET
Securing an MS SQL connection string in ASP.NET is a vital procedure, especially for protecting corporate clients and those who store their credit card information in a database. Without it, a hacker can obtain all this information and exploit it for personal use.
Consequently there are a few methods for securing an MS SQL connection string in ASP.NET. These methods include:
- Encrypting the connection string
- Saving the connection string in Windows registry
- Saving the connection string as a DLL
- Storing the connection string in a web.config or global.asa file
- Using a DSN connection string
Encrypting a connection string requires that the application be written in ASP.NET 2.0, because encryption is a new feature of that update. Encrypting the string results in a much more secure environment that protects pertinent client information.
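One way to perform the encryption described above is through the protected configuration API that ASP.NET 2.0 provides. This is an added example, not code from the original post; the class name, the "~" application path and the connection string name "MainDb" are assumptions.

```csharp
using System.Configuration;
using System.Web.Configuration;

// Hypothetical helper class (name is an assumption, not from the original post).
public static class ConnectionStringProtector
{
    // Built-in provider registered in machine.config. It uses an RSA key
    // container, which can be exported so several servers share one key.
    private const string Provider = "RsaProtectedConfigurationProvider";

    // Encrypts the <connectionStrings> section of the application's web.config.
    // Returns true if this call encrypted it, false if it was already protected.
    public static bool Protect(string appVirtualPath)
    {
        Configuration config =
            WebConfigurationManager.OpenWebConfiguration(appVirtualPath);
        ConfigurationSection section = config.GetSection("connectionStrings");
        if (section == null)
            throw new ConfigurationErrorsException(
                "No <connectionStrings> section found.");

        if (section.SectionInformation.IsProtected)
            return false; // nothing to do, avoid rewriting the file

        section.SectionInformation.ProtectSection(Provider);
        section.SectionInformation.ForceSave = true;
        config.Save(ConfigurationSaveMode.Modified);
        return true;
    }

    // Reading needs no decryption code: ASP.NET decrypts the section in
    // memory when it is accessed, so callers never see the ciphertext.
    public static string Read(string name)
    {
        ConnectionStringSettings settings =
            ConfigurationManager.ConnectionStrings[name];
        if (settings == null)
            throw new ConfigurationErrorsException(
                "Connection string '" + name + "' is not defined.");
        return settings.ConnectionString;
    }
}

// Usage (assumed values): ConnectionStringProtector.Protect("~");
//                         string cs = ConnectionStringProtector.Read("MainDb");
```

The account that runs `Protect` needs write access to web.config, and the account the site runs under needs read access to the RSA key container.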
Another secure method is to save the connection string in the Windows registry. The only issue is that appropriate permissions must be granted so that the web user can actually read the data stored in the registry.
Saving the connection string as a DLL requires Visual Basic. Although the data will be secure, there is one primary shortcoming in the process: the DLL must be decrypted in order to make any changes, and once the changes are completed it must be re-encrypted. This can cause complications, especially on a shared hosting plan.
An additional method of security is to store the connection string in a web.config or global.asa file. These files cannot be accessed from a browser, making them extremely difficult for an outside user to reach. However, webmasters should enable custom errors within web.config to display a message in the event of an error.
The final method is to use a DSN connection string. This can be done right in the hosting provider’s control panel. This method simply creates a DSN with an ODBC connector that stores the database username and password. This can also be accomplished on a Windows server with top permissions by accessing Start – Administrative Tools – Data Sources (ODBC).
Security is one of the most important issues within server maintenance. By personally securing as many aspects of your website as possible, the risk of an attack will greatly decrease. The previous tips will improve the security of an MS SQL connection string in ASP.NET, thus eliminating another weakness within server systems.