Where to store connection string for classic ASP?

Question

In ASP.NET i can store connection string in the web.config, like wise i need to store connection string or some configuration value in some file for classic ASP.

How can i do this? In order to achieve this do i need to use XML File and store the connection string in this?

What is the best practice???

Answer 1

use globa.asa to set a value in the application object.

Answer 2

A quote I picked up recently...

Don't do something silly like store the secret in a file that's sitting in a virtual directory on a Web server (web.config comes to mind). Web servers have been known to accidentally allow files to be downloaded because of bugs. For example, connection strings in classic ASP pages could be stolen in the past by pointing a Web browser to 'page.asp::$DATA' instead of page.asp. This fooled IIS into thinking that the request was for a static file because .asp::$DATA wouldn't match anything in its script map. But the suffix ::$DATA has special meaning to the operating system: It indicates the default NTFS stream for the file, which is what you get when you read the contents of the file normally. In other words, asking the file system for page.aspx::$DATA is the same as asking it for the contents of page.aspx. Thus IIS would serve up the source of the ASP page instead of interpreting it as a script. There have been lots of shenanigans like this over the years, but most folks would agree that you're better off storing sensitive files outside of any virtual directory on a Web server. Even better, keep sensitive files on a different partition then where your virtual directories reside.

Answer 3

You can make an ASP file that contains the connection string as a string variable, along with any other configuration information, then include it in files that connect to the database.