Best security for database?

MrGunner

Programmer
Sep 3, 2001
8
US
I would like to find out what would be the best way to secure a database from outside users. Here's my problem.

I'm working on a piece of software where users create custom ASP files that have to read/write an Access 2k database file. This database is located in the same directory as the ASP file, so... if a user knew the name of the database (like mydb.mdb) they could download it and view all of the info contained inside of it.

Now... I could try and set up user IDs and passwords for the database, but that would be too complicated for the users of the software (and they would have to edit the ASP pages, which is out of the question.)

So... what are my other options? Is there any way I can restrict access to the database file?
 
How is the client software connecting to the database? If it's using ADO connect strings then you can locate the database on another server and access it via a shared folder. The code will have access, but without breaking into the web server itself no one will be able to download it.

Chip H.
 
The database connects using DSNless as follows.

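Code:
' Resolve the physical path of the database, which sits beside this ASP page
DB_location = Server.MapPath("mydb.mdb")
' Open a DSN-less ADO connection through the Jet OLE DB provider
Set db = Server.CreateObject("ADODB.Connection")
db.Open "PROVIDER=MICROSOFT.JET.OLEDB.4.0;DATA SOURCE=" & DB_location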

I do it this way to make it easy on my users of the software and also so they won't have to contact a web server admin and have them set up a DSN.

I was messing around with IIS and found that if I take off anonymous access on the database, it can still be read from and written to, and it cannot be downloaded. The only downfall of this fix is that the users of the software would still have to contact their web server admin and have them set it up. Is there a better solution to this? Could I possibly somehow write an ASP script to change the security permissions?
 
Why don't you just transfer your database to another directory than where your ASP files are? If you create a database directory in your C: root and transfer your database there, it should be safe. You just have to configure your ODBC connection to point to the new directory.
 
Maybe I didn't explain my initial problem well enough... but the problem with doing that is I am not the person who is using the software; thousands of standard joes will be using the software and won't be able to do that. All they will be able to do is upload a few ASP files along with a database and expect everything to work out of the box. Having them change file permissions or move a database around and edit the ODBC connection string will be too complicated. That is why I was wondering if there was a different way to secure a database or have it done automatically using a VBScript that my users could run. Again, please throw out any suggestions to my problem :)
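
A check for the exposure this thread describes (an Access database sitting in a directory the web server serves), added here as an example and not part of any post: the Python script below walks a web root and reports files that carry the Jet/ACE header signature or a database extension. The sample tree, every file name other than mydb.mdb, and the function names are constructed for illustration.

```python
import os
import tempfile

# Jet (.mdb) and ACE (.accdb) files carry this text at byte offset 4.
SIGNATURES = (b"Standard Jet DB", b"Standard ACE DB")
DB_EXTENSIONS = (".mdb", ".accdb")


def is_access_database(path):
    """True if the file header carries an Access signature, whatever its name."""
    try:
        with open(path, "rb") as fh:
            header = fh.read(32)
    except OSError:
        return False
    return any(header[4:4 + len(sig)] == sig for sig in SIGNATURES)


def find_exposed_databases(web_root):
    """Return sorted (relative_path, reason) pairs for database files under web_root."""
    findings = []
    for folder, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(folder, name)
            rel = os.path.relpath(full, web_root).replace(os.sep, "/")
            if is_access_database(full):
                findings.append((rel, "access-signature"))
            elif name.lower().endswith(DB_EXTENSIONS):
                findings.append((rel, "extension-only"))
    return sorted(findings)


def build_sample_site():
    """Constructed sample tree: a web root with an ASP page and database files."""
    root = tempfile.mkdtemp(prefix="webroot_")
    jet_header = b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 12
    os.makedirs(os.path.join(root, "app"))
    samples = {
        "default.asp": b"<% Response.Write \"hello\" %>",
        "app/mydb.mdb": jet_header,      # database in the same folder as the pages
        "app/settings.inc": jet_header,  # database stored under another extension
        "app/empty.mdb": b"",            # database extension, no header yet
    }
    for rel, data in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(data)
    return root


if __name__ == "__main__":
    for rel, reason in find_exposed_databases(build_sample_site()):
        print(f"{rel}: {reason}")
```

Any file it reports under the served directory needs either a location outside the web root or a server-side rule that refuses to serve it.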
 