The client machines do not have access to the SQL Server port and opening the port to the client machines is not possible.
Scenario: We have an old client application written entirely in javascript. The javascript contains a clear text connection string, including a sql server account username and password. We also use ASP.NET to host other applications.
We were hoping to move the connection to the server without having to rewrite the entire javascript application.
Is there a way to just replace the connection in the .js file with a server-side connection without having to write AJAX (or something similar) calls for every data function in the .js files?
Here is how the clients used to connect before the SQL Server port was changed:
var conn_str = "DRIVER=SQL SERVER;SERVER=MyServer;DATABASE=MyDb;UID=sqluser;PWD=mypassword;";
function openConn() {
//alert("openConn() ");
this.conn = getAdoDb("ADODB.Connection");
conn.ConnectionTimeout = 240;
conn.CommandTimeout = 240;
conn.open(conn_str, "", "");
//alert("Current Connection String: " + conn_str);}
The above code is in a javascript file with thousands of lines of code. We’d like to simply replace this connection part of the javascript with something on an ASPX page or AJAX or something that could be consumed by the .js file.
If you are going to use server side technologies, AJAX is just one option. You can embed the retuned data in your pages to be consumed by javascript (ie. output JSON to the page) etc.
You can create a generic server side data function that will accept the SQL and parameters, but will need to validate the passed in queries and parameters to avoid SQL Injection and tampering.
In my opinion, there is no secure way around replacing all the data functions.