Introduction
As an ASP programmer, I am always writing code that accesses databases. Many
applications, such as Site Server, Commerce Server, SharePoint, and Content
Management Server, provide their own API that helps an ASP programmer tie into
this data in a secure and efficient way. That's nice if you have access to these
remarkably expensive platforms, but what about the rest of us? Well, you could
roll up your sleeves and just whip off a couple of COM objects; however, unless
you are a crewmember of the starship Voyager, such miracles are unlikely.
Usually, what it comes down to is something more like this:
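
    ' Create the ADO connection object
    Set ADOConn = Server.CreateObject ("ADODB.Connection")
    ' Data source, user name and password are hard-coded in the page source
    ADOConn.Open "myDataSource", "sa", "ItsASecret"
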
It takes less than a second glance to see why this is bad: the account name
and password sit in plain text in the page source. Any hacker who manages to
view the ASP code will now have full access to your database server as well.
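
To find pages that carry this pattern before someone else does, the following added example (not code from the original article) scans ASP source for credentials passed as string literals to an ADO Open call or embedded in a connection string. The sample page, the Conn2 object and its connection string are constructed for illustration, and statements split across lines with the VBScript continuation character are not handled.

```python
import re

# A VBScript string literal; a quote inside the literal is written as "".
_STR = r'"((?:[^"]|"")*)"'
# <object>.Open "source", "user", "password" with all three given as literals.
OPEN_CALL = re.compile(
    r'\.Open\s*\(?\s*' + _STR + r'\s*,\s*' + _STR + r'\s*,\s*' + _STR,
    re.IGNORECASE)
# Password=... or PWD=... inside a connection string literal.
CONN_STR_PWD = re.compile(r'\b(?:password|pwd)\s*=\s*([^;"]+)', re.IGNORECASE)

def strip_comment(line):
    """Drop a VBScript ' comment, ignoring apostrophes inside string literals."""
    in_str = False
    for i, ch in enumerate(line):
        if ch == '"':
            in_str = not in_str
        elif ch == "'" and not in_str:
            return line[:i]
    return line

def find_hardcoded_credentials(source):
    """Return (line_no, kind, user) findings; the password is never returned."""
    findings = []
    for no, raw in enumerate(source.splitlines(), 1):
        line = strip_comment(raw)
        m = OPEN_CALL.search(line)
        if m and m.group(3):
            findings.append((no, "open-args", m.group(2)))
        elif CONN_STR_PWD.search(line):
            findings.append((no, "connection-string", None))
    return findings

# Constructed sample page: line 3 is the article's example, line 4 is commented
# out, line 5 passes variables instead of literals, line 6 is hypothetical.
SAMPLE = '''<%
Set ADOConn = Server.CreateObject ("ADODB.Connection")
ADOConn.Open "myDataSource", "sa", "ItsASecret"
' ADOConn.Open "oldSource", "sa", "OldSecret"
ADOConn.Open "myDataSource", dbUser, dbPassword
Conn2.Open "Provider=SQLOLEDB;Data Source=db1;User ID=app;Password=Constructed1;"
%>'''

if __name__ == "__main__":
    for line_no, kind, user in find_hardcoded_credentials(SAMPLE):
        print(f"line {line_no}: {kind} (user={user})")
```

Findings report only the line number, the kind of match and the account name, so the scan output can be shared without repeating the password.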