I need to protect my DB 1

[Sajtz]

Hi!
I'm developing a simple login page, which refers to a database to confirm users login name and password. The problem is when I type the path to the database file (I.E

http://wwwroot/db/users.db)

in the address field, I'm promted to download or open the file. This means that everyone that figures out the address to the database file can view all usernames and passwords.

Question: How can I deny others access to this file. The folder it's in must still have read/write access due to the possibilities of adding and reading information.

 

[FesterSXS]

You currently have your database file within the directory structure of your website. This is not necessary since your DB connection string uses the absolute path of the database file on the server. You can place the DB outside of your website directory structure and change your db connection string to point to the new path.

I often set up my sites within IIS/PWS as follows:

website directory name
--db (DB connection string points to this sub-directory)
--site (IIS/PWS points to this sub-directory for the website files) Tony

http://www.phoenix-paints.co.uk/portfolio