All good questions. Let's see if I can answer most of them.
DSN is always best because your code will not display the passwords and you get better performance. I would recommend you set up a special password for your website that does NOT have full admin rights. If you are not writing to the database, then make it read-only. In other words, DON'T USE the SA password. Create a unique username for the site, like web0001, and a complex password. I would make sure that this new username only has access to the tables it needs to have access to and not any of the system tables or account tables. You can always create a unique password for system-related tasks.
When using ASP, NEVER include any connection strings with a .inc file. If you do, then any browser will see all the code by typing yourwebsite.com/filename.inc, because the server does not know that an .inc file should be rendered as an ASP file. It will treat it like a typical text file. This is probably the biggest mistake most programmers make. Always make sure your connection strings are using an ASP page or, better yet, create a .dll file that has this information and then call the object. But that's a technique more experienced programmers use.
I would also recommend that you change your password on a regular basis, "monthly". Some hackers may store your password and access it a few months later. By then your password will have changed.
Did I forget anything? Let me know.
imaginemn
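
The two checks from the answer above (connection strings sitting in files the server returns as plain text, and sites connecting as SA) can be run over a web root with a short audit script. This is an added example, not part of the original post; the directory layout, file names, sample connection string and the set of executed extensions are constructed assumptions.

```python
import os
import re
import tempfile

# Assumption: extensions the server executes instead of returning as text.
# Adjust to match the script mappings actually configured on the server.
SCRIPT_EXTENSIONS = {".asp", ".aspx", ".asa"}

PASSWORD_RE = re.compile(r"(?i)\b(?:password|pwd)\s*=\s*[^;\"'\s]+")
SA_RE = re.compile(r"(?i)\b(?:uid|user id)\s*=\s*sa\b")

def audit_webroot(root):
    """Return sorted (relative_path, finding) pairs for files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            ext = os.path.splitext(name)[1].lower()
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            # A password in a non-executed file is readable by URL.
            if PASSWORD_RE.search(text) and ext not in SCRIPT_EXTENSIONS:
                findings.append((rel, "credentials in file served as plain text"))
            # The site should use its own limited login, never SA.
            if SA_RE.search(text):
                findings.append((rel, "connects as sa"))
    return sorted(findings)

def demo():
    """Build a small constructed web root and audit it."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "includes"))
        samples = {
            # Constructed sample: the pattern the answer warns about.
            "includes/conn.inc": 'connStr = "Driver={SQL Server};Server=db01;'
                                 'Database=shop;UID=sa;PWD=example-only;"\n',
            # Constructed sample: DSN reference, no password in the code.
            "db.asp": '<% conn.Open "DSN=shopdsn" %>\n',
        }
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return audit_webroot(root)

if __name__ == "__main__":
    for rel, finding in demo():
        print(f"{rel}: {finding}")
```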