1. encrypt the objConnString;
2. not use sa for the connection; at some point, disable the sa!!!
3. use Windows authentication with strong PWD (?);
4. not install IIS on the data tier;
5. you could use SSL but not the key word ref. to the question;
6. properly set up the user schema/policy on the data tier -- what/where to read/write;
7. with AUDIT log in place on data tier;
8. use sp, not D-SQL on your logic page (i.e. asp.net), AND not store your sp on .txt/.xml file, keep sp on database;
9. try not to use meaningful var when passing the parameter, i.e. not to use these: str簡妮媽Password, str撅著挺好SecretMoney, str撅著挺好SecretLover; instead, use strC1, strC2, strC3...;
10. close/destroy objConn/objRS immediately, and never open, then wait for the user to complete the input/data entry process, then close the objConn/objRS.
just a thought/point fyi..., may not be applicable to your situation, though.
others, welcome your comment/feedback so that we could learn from you!
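
Items 2, 3, 8 and 10 above (no sa, Windows authentication, stored procedures instead of dynamic SQL, closing the connection immediately), shown as an added C# example that is not part of the original post. The connection string name `AppDb`, the host `DBHOST` and the stored procedure `dbo.usp_GetBalance` are hypothetical.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

public static class AccountData
{
    // Assumption: web.config holds a connection string named "AppDb" that
    // uses Windows authentication, for example
    //   Server=DBHOST;Database=AppDb;Integrated Security=SSPI;Encrypt=True
    // so there is no sa login and no password stored with the application.
    private static readonly string ConnString =
        ConfigurationManager.ConnectionStrings["AppDb"].ConnectionString;

    // Dynamic SQL to avoid (item 8): text built from user input, e.g.
    //   "SELECT Balance FROM Accounts WHERE CustomerId = " + input
    // The hardened form calls a stored procedure kept in the database and
    // passes the input only as a typed parameter.
    public static decimal? GetBalance(int customerId)
    {
        using (var conn = new SqlConnection(ConnString))
        using (var cmd = new SqlCommand("dbo.usp_GetBalance", conn))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@CustomerId", SqlDbType.Int).Value = customerId;

            // Item 10: open only once all user input has been collected.
            conn.Open();
            object result = cmd.ExecuteScalar();

            // No row, or a NULL balance, is reported as null.
            if (result == null || result == DBNull.Value)
            {
                return null;
            }
            return Convert.ToDecimal(result);
        } // connection and command are disposed here, even on an exception
    }
}
```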