Is it possible for a visitor to a website to view asp code (the way you do a view source and see html and javascript code).

i assume not since asp resides and executes on the server, but just want to be sure.

also, is storing sql server usernames and passwords in an asp include module a bad practice? can these usernames and passwords be viewable to a potential hacker?

thank you.

No, users can not see your asp source code and your assumption as to why is correct.

Regarding your usernames and passwords, simply put, you need to put this data some where. Include modules aren't a bad place to put them and you can take additional steps to protect yourself. For example, encrypting your username and password and then decrypting when you go to use the data.

hth.

================================================== =========
Read this if you want to know how to get a correct reply for your question:
http://www.catb.org/~esr/faqs/smart-questions.html
================================================== =========
.: Wrox Technical Editor :.
Wrox Books 24 x 7
================================================== =========

May I add - dont use the .inc file type for your includes, this way the contents of your include file can be viewed in a browser. I use .asp for include files.

Wind is your friend
Matt

thank you for your responses. i do store the usernames and passwords in .asp files, i just call them includes since i "include" them in many programs.

btw, how would i go about encrypting and decrypting my usernames and passwords?

thank you.

sal

This SERP should yeild help you along: http://www.google.com/search?source=...p+-+encryption

================================================== =========
Read this if you want to know how to get a correct reply for your question:
http://www.catb.org/~esr/faqs/smart-questions.html
================================================== =========
.: Wrox Technical Editor :.
Wrox Books 24 x 7
================================================== =========

thank you!