I have an .asp file in which I have written all my connection strings to database.

I include that file in every page for connection reason. Now Can anyone please help me if I can compile that file or encrypt the file so that user can't see the connection strings into that file when they open it?

Thank you for your help in advance.

Assuming that your webserver is setup to send .asp files to the asp.dll (and not simply serve then) I would have to ask how a user would even ever see these connection strings?

Next, while it is possible to encrypt your connection strings, it isn't easy and requires you to jump through a series of hoops since this functionality isn't directly available in classic asp. Your choices are:

• Purchase a commerical product like Chilkat's Crypt http://www.chilkatsoft.com/encryption-features.asp
• Create an assembly in .NET that will encrypt/decrypt a string and expose it through COM Interop
• Roll your own encryption function

Now in all of the years I have been programming I have never once encrypted my connection strings because I see no need in expending the extra CPU cycles. If someone can compromise your server to the point that they can open your ASP files in notepad and read the connection strings you have bigger problems then said attacker getting to your database.

hth
-Doug

__________________
===============================================
Doug Parsons
Wrox online library: Wrox Books 24 x 7
Did someone here help you? Click on their post!
"Easy is the path to wisdom for those not blinded by themselves."
===============================================