How to "secure" the DB file? 1

[ChampionX]

Hi

As I learn asp, most of my doubts clear out by themselves. But there's still one of my "big" initial doubts that stays uncleared: I wonder how can I protect my access database file from being downloaded or viewed straight through its URL. Of course the file name and path should be known, but I feel like maybe there is some way to make that file only available from other scripts on the site, but not straight from the client browser.

I hope you understand what I mean. Maybe it is something that must be set by the server, in fact I tested my asp's with a free account at Brinkster and it has a special folder called db, I thought it might be an "outside-protected" folder but it was still accessible by url-db/name.mdb.

Thanks for any help on this issue.

 

[Bastien]

Your isp whether running IIS or some linux/uix server application should be able to provide you with security to block access to the DB...the connection string is kept on the server anyway so there is no direct link for the user to view the code. One idea may be to place the DB on another machine and keep physical separation between the web app and the data...

bastien Bastien

There are many ways to skin this cat,
but it still tastes like chicken

 

[vasah20]

contact your ISP and have them remove read permissions on your DB directory. (make sure that it retains write and execute privledges, though)

By removing read priviledges, your DB cannot be downloaded via URL.

good luck
leo