im using a shared hosting company to host my site and db. they are

Question

0

Editorial Team

Asked: May 20, 20262026-05-20T22:11:02+00:00 2026-05-20T22:11:02+00:00

im using a shared hosting company to host my site and db. they are

0

im using a shared hosting company to host my site and db.
they are both being hosted on the same server.

to access the db i am currently supplying userid and password in the connection string within the web config.

this just makes me really uncomfortable.

is there i way to avoid giving userid/pass in web.config connection string?

Report

Leave an answer
Cancel reply

You must login to add an answer.

Need An Account,

1 Answer

Editorial Team · Answer 1 · 2026-05-20T22:11:03+00:00

You can switch to OS authentication:

Data Source=myServerAddress;Initial
Catalog=myDataBase;Integrated
Security=SSPI;

In this case grant db access to the account your site runs under. Or, just encrypt your connectionStrings section in web.config.

Update:
I’m not sure how this happens in hosting environments (the hoster should have some FAQ), but if your server is dedicated one and you have administrative privilegies on your Sql Server you can do that like

create login [NT AUTHORITY\NETWORK SERVICE] from windows
create user [NT AUTHORITY\NETWORK SERVICE] for login [NT AUTHORITY\NETWORK SERVICE]
exec sp_addrolemember 'db_datareader',[NT AUTHORITY\NETWORK SERVICE]

The account to grant access to is one the application pool in IIS is running under. NetworkService is default for IIS 6.0 but if the server is shared you probably have a custom account (granting access to NetworkService on shared server will expose your db to any service running under NetworkAccount).

Sign Up

Sign In

Forgot Password

The Archive Base Latest Questions

im using a shared hosting company to host my site and db. they are

Leave an answerCancel reply

1 Answer

Leave an answer
Cancel reply