Home arrow ASP arrow Page 4 - Securing ASP Data Access Credentials Using the IIS Metabase
ASP

Securing ASP Data Access Credentials Using the IIS Metabase


Protect both your database and server by using ASP the way Thomas outlines in this article. Enjoy the read and secure your ASP Data Access at the same time.

Author Info:
By: Thomas Carpe
Rating: 5 stars5 stars5 stars5 stars5 stars / 44
June 06, 2003
TABLE OF CONTENTS:
  1. · Securing ASP Data Access Credentials Using the IIS Metabase
  2. · The Article
  3. · More Issues About the Metabase
  4. · Where to Go From Here

print this article
SEARCH DEVARTICLES

Securing ASP Data Access Credentials Using the IIS Metabase - Where to Go From Here
(Page 4 of 4 )

You've learned how to configure the metabase, set up security, add keys and data to it, and finally read that data into a web application. These abilities serve as a foundation that will allow you to accomplish a great deal using the metabase. Now that you've completed this project, there are a lot of things you can do to take this code even further and make it truly useful.

With a little extra work, you can craft this lesson into a customized code library or component that will help you manage your usernames and passwords that might otherwise have been vulnerable. You could even build this up to the point where you have a tool that could be sold commercially. At the very least, you can use this code to retool the database driven ASP applications that you have now or might create someday.

Why not use code similar to MetaRead.asp in your global.asa file instead? You could put your metabase read function into an include file, and call it from global.asa using a single parameter to specify the key to read from. Of course, for performance reasons you shouldn't actually create your ADO connections at the application level, however, you can put these commands in an include file and have them read the credentials from application level objects created in global.asa.

Let's not forget that we could do a lot of work to automate the process of creating and populating the keys in the metabase. This goes for securing them as well. Why not build a web application to manage all of this? Just remember that you need to force the user to log in as someone for whom you've assigned write permissions to the DataAccessStorage key. Because you'd be creating new keys, you would want to be sure the user has administrator level access before allowing them to do so.

There really is a lot of uncharted territory here. Custom settings for inheritance and security can be configured on your metabase data to make administration easier on you. And, everything we've done today used only one of the many metabase data types. If you think it over for a while, you might be able to come up with a specialized use for this storage system that I haven't considered. As you play with the metabase some more, you'll find that it has other advantages as well, like replication for example.

So what are you waiting for? Get out there and make good use out of what you've learned.


DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

blog comments powered by Disqus
ASP ARTICLES

- Central Scoreboard with Flash and ASP
- Calorie Counter Using WAP and ASP
- Creating PGP-Encrypted E-Mails Using ASP
- Be My Guest in ASP
- Session Replacement in ASP
- Securing ASP Data Access Credentials Using t...
- The Not So Ordinary Address Book
- Adding and Displaying Data Easily via ASP an...
- Sending Email From a Form in ASP
- Adding Member Services in ASP
- Removing Unconfirmed Members
- Trapping HTTP 500.100 - Internal Server Error
- So Many Rows, So Little Time! - Case Study
- XDO: An XML Engine Class for Classic ASP
- Credit Card Fraud Prevention Using ASP and C...

Watch our Tech Videos 
Dev Articles Forums 
 RSS  Articles
 RSS  Forums
 RSS  All Feeds
Write For Us 
Weekly Newsletter
 
Developer Updates  
Free Website Content 
Contact Us 
Site Map 
Privacy Policy 
Support 

Developer Shed Affiliates

 




© 2003-2017 by Developer Shed. All rights reserved. DS Cluster - Follow our Sitemap
Popular Web Development Topics
All Web Development Tutorials