session variables classic asp and passwords

Is it safe to store user inputted passwords in session variables which are used in the connection strings to sql server. If not开发者_开发问答 why and what would be a better way of doing this? The passwords are used to read from sql server.

Session state is stored on the server. There is no way for a client to access or change session state, except through code you provide.

The "gold standard" of password storage is to store just the hashed password. But that's not an option if you need the password to connect to the database. So storing it in the session seems like the best way to go.