Securing Database Access

Using a connection string is necessary to connect to a database, but the security risks are high if that connection string contains database credentials. For example, a previous version of the CML application made this setting in the file global.asa in the Application_OnStart subroutine, called when the CML application is started:

Application("FmLib_ConnectionString") = "DSN=FmLib;SERVER=MyServer;UID=sa;WSID=MyComputer;DATABASE=FMLib"

In this line, the FmLib_ConnectionString variable was assigned an OLE DB connection string to connect to the FmLib database. All the parameters needed to connect to a database were assigned to this string and stored in this application variable.

As you can see, FmLib_ConnectionString contains the username "sa", but no password. An account with the "sa" user name is created by default for every SQL Server installation. If you have used the tools supplied with Microsoft SQL Server, you have likely used this account to log on. Because this account is widely known, it is not secure.

One idea for increasing security would be to edit global.asa and add a password parameter to the "sa" account. For example:

Application("FmLib_ConnectionString") = "DSN=FmLib;SERVER=MyServer;UID=sa;PWD=Gremlin;WSID=MyComputer;DATABASE=FMLib"

The connection string that appears in this subroutine is generated when adding a connection to the Visual InterDev™ project used to create the CML application. Because this application uses RDS for client-side data access, the connection string is sent in plain text to the client. (Fortunately, this string appears in an IFrame that can be made invisible by setting the Debugging Mode application setting to Off.) But because the connection string contains the Microsoft SQL Server password for the "sa" account, it is a considerable security risk to send it at all.

There are two ways this problem can be resolved.