ASP.NET, a higher version of ASP, is a programming framework used to create enterprise-class Web Applications. These applications are available to the entire world providing efficient information to their end users. ASP .NET has far more advantages than just a next version of ASP. And it is easily available to configure and use no matter if you have a Dedicated server or a Shared hosting account.

Why to use ASP.NET?

Microsoft has worked well to shift their focus on Internet world from a Windows based platform since 1995 and finally Microsoft introduced Active Server Pages (ASP) in 1996 that was much easy to understand than the orthodox languages like Java, C++ and Perl as it offered the efficiency of ISAPI applications. However ASP scripts were difficult to debug and main, since it consisted unstructured code and interpreted script. ASP also made it difficult for developer to ingrate the web development software as it required to understand many different technologies. If the web application grew more complex and bigger it became harder to maintain as the number of line in source code increased dramatically, specially when you host your application on a Shared hosting server. Therefore, a need of an architecture was required that would allow development of Web application in a consistent way.

A new technology .NET framework was introduced with the intention to provide globally distributed software with Internet functionality and interoperability. The .NET Framework includes multiple language support and consists of many class libraries with a common execution point. .NET framework provides a high level of flexibility allowing to development a top class web application that does different things. ASP .NET is built into this framework which allows a developer to crate a web application using any of the built-in languages. Making it easy to develop an Internet based web application.

ASP.NET uses the Common Language Runtime (CLR) provided by the .NET Framework which is not available in ASP. Execution of the code we rite is managed by this CLR. ASP.NET code is a compiled CLR code instead of interpreted code (ASP). The CLR makes development of Web applications simple and also allows objects written in different languages to interact with each other.

Advantages of Using ASP.NET:

• ASP.NET reduces the code drastically that is required to build large applications
• ASP.NET makes for easy deployment. There is no need to register components because the configuration information is built-in
• ASP.NET, with an event-driven, server-side programming model makes development simpler and easier to maintain.
• The pages have lots of power and flexibility by this approach since the source code is executed on the server.
• The Web server continuously monitors the pages, components and applications running on it. If it notices memory leaks, infinite loops, other illegal software or activities, it seamlessly kills those activities and restarts itself
• Execution of .NET application is fast as the Web Server compiles the page the first time it is requested. The server saves the compiled version of the page to use it next time the page is requested
• ASP.NET applications are more secure as only the HTML produced by the ASP .NET page is sent back to the browser and the application source code you write is not sent and is not easily stolen
• ASP.NET pages are easy to write and maintain because the source code and HTML are together
• ASP.NET applications run faster and counters large volumes of users without performance problems
• ASP .NET validates information (validation controls) entered by the user without writing a single line of code
• ASP.NET is compatible with ADO.NET using data-binding and page formatting features.

Please make sure of the following before you configure the script:

• The user that is running the script must have execute permissions on cscript in system32
• The user that is running the script must have write permissions folder that is going to store the backup file.
• The user that is running the script must have execute permissions on mysqldump.exe in Mysqlbin
• If you running this script in browser then your web user will need the above permissions.

So here is the script:

backup-mysql-database.vbs

Option Explicit
Dim backup_dir, num_days, user, password, database, arguments, backup_file
Dim oShell, oFS, oDrive, nResults, sqldump

backup_dir = "C:MysqlBackups"
user = "xxxxxxxx"
password = "yyyyyyyy"
database = "zzzzzzzz"
sqldump = "C:Mysqlbinmysqldump.exe"

backup_file = backup_dir & database & ".sql"
arguments = "--user=" & user & " --password=" & password & " " & database & " > " & backup_file
arguments = sqldump & " " & arguments
WScript.Echo(arguments1)

Set oShell = CreateObject("WScript.Shell")

WScript.Echo("Creating backup file " & backup_file)
nResults = oShell.Run ("cmd /C" & arguments, 1, TRUE)
WScript.Echo(nResults)

Set oShell = Nothing

The following variable will be needed to be defined as per your need:

backup_dir = Should have the path to the directory that you want to save you backup file in.
user = Database user name that has full privileges over the database you want to backup.
password = Password of the database user.
database = Name of the database that you want to backup
sqldump = Path to mysqldump.exe, normally this is stored in MySQLbin directory.

To backup all database you can ignore the database variable and replace the first argument command with:

arguments = "--user=" & user & " --password=" & password & " --all-databases --quick
--result-file=" & backup_file

Now you can run the command below to execute the script on Windows server:

cscript c:myscriptsbackup-mysql-database.vbs

You can also schedule the above command to run on sceduled timining to backup the MySQL databases.

We have seen allot of people looking to have the best option to secure the connection string in their ASP .NET code to connect the MS SQL database since it contains the username and password of their database. It is very important to use a secure method for corporate clients and those who save Credit Card details in their MS SQL database. Or they will easily get hacked and all the important data will be exploited by the hacker. And also for those who store important data in MSSQL.

Here are the list of methods that can be used to secure your MS SQL connection string in your ASP.NET application.

METHODS:

1. Using a DSN connection string:

If you have the administrator users access to your Windows Server or use a control panel like Plesk then you can create a DSN with ODBC connector that stores the password of your database along with its name.

You will have to go to Start >> Administrative Tools >> Data Sources (ODBC) on your Windows Server with an account that has administrative privileges.

Or if you use a hosting control panel like Plesk that you can create the DSN from the control panel itself.

Once you have created the DNS you will have to mention it in your code as:

oConn.Open "DSN=mySystemDSN"

2. Store your connection string either in web.config or global.asa:

It is safe to have connection string stored in either web.config or global.asa, since IIS does not allow these files to be accessed from the browser. But it is recommended to enable custom errors in web.config or else the browser just displays the exact exact in the event of an error.

An example of web.config would be:

3. Encrypt your connection String stored in Web.config.

To make the connection string more secure you can encrypt your string if you application is written in ASP .NET 2 as this only possible with the new feature in asp.net 2.0 through the config API.

Steps to Encrypt your connection string in web.config:

– Create a connectionstring section in web.config :-

– Run the command below:

aspnet_regiis –pe -app optionally you can provide the machine or user store.

– Get the connection string:-

Response.Write(ConfigurationManager.ConnectionStrings

["Myconnstr"].connectionString.ToString());

– You can also encrypt:

– To decrypt the connection string use aspnet_regiis –pd with the same parameters.

– There are more option available, such as:

aspnet_regiis –pef
aspnet_regiis -pdf

4. Save the connection string in the Windows registry:

You can also save the connection string in the windows registry, the only problem here is you have to give appropriate permissions on the registry so that your web user is able to read the data fron the registry:

Procedure to follow:

Add a registry key for your application under SOFTWARE/[YOUR_COMPANY]/[YOUR_APP]
Add a string value for ConnectionString
Teach your ConnectionFactory to crack open the appropriate registry key (in a static constructor, not every page load).
Export the registry info as a .reg file, add it to source control, modify and apply it as necessary to set up additional machines.

You will also have to make sure that the user have appropriate rights on the register to read the data.

5. Save your connection string in a DLL.

You can also save the connection sting the to a DLL using Visual Studio but this includes few disadvantages like, you will gave to decrypt the DLL to make any changes in the connection string and then again encrypt it. This makes things very complicated for you to manage your applications and specially when you have a shared hosting package.