Pages

Monday, February 20, 2012

Get the database login information pronto from the application code (ASP.NET)

So, you're asked to fix a database problem for a web application. The trouble is that nobody can tell you a valid database username and password - or even where the database is! You could spend hours searching the application code and tracking down everyone in your company who you think might know.

If the application happens to be written in ASP.NET, there's a good chance that all this information is in a file at the top level of the application's web directory called web.config; the database connection string may even look something like this:

value="Provider=SQLOLEDB;server=34.329.169.201;uid=doodle1;
pwd=$%^ytr;database=larry;Connection Reset=FALSE" />

That's terrible for security, of course, but since someone else wrote the program anyway, at least it's nice that you're able to find the information and get on with your assignment.

If the application is in ASP classic, try looking in global.asa. Otherwise, search the source code for phrases such as conn, password, uid, provider, SQLOLEDB, and so forth.

Posted by NH Tipy at 8:00 AM
Labels: , ,

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.

Subscribe to: Post Comments (Atom)