Hi Ray, thank you very much for your reply.
The server administrator is a guy I used to work with, he is still with my
previous company.
I do web design by myself. The customer has chosen me to do the web design
and they chose my previous company for further advice. They advised them to
buy a server from them and now I have to work with them in order to setup
the web site I made.
He told me he can't give me write permission to the root folder to the
database folder, because that creates a security breach to the server (for
the security concerns he didn't give me ftp access either :-) ). Now, the
customer listens only to what he sais and if he sais my web site is not
secure enough, I am in big trouble, because my customer has no technical
knowledge and they completely rely on what this guy tells them.
From what you say here, I understand that there is obligatory to allow
the internet user write permission for the database folder, right?
Is this safe enough, or it can create security problems? If that is the
case, is there a safer method which would keep happy my former coleague and
the customer?
I am asking you again because I just might send your reply to my
customer, in case the needs arises.
Regards,
Nicolae
"Ray Costanzo [MVP]" <my first name at lane 34 dot commercial> wrote in
message news:ej**************@TK2MSFTNGP09.phx.gbl...
"Nicolae Fieraru" <no****@please.com> wrote in message
news:e7**************@TK2MSFTNGP09.phx.gbl...
The administrator of the server agrees to set the security for the
database to read/write by the internet user. He doesn't want to allow the root
folder for the database to have read and write permission for the
internet
user. At present, when I open the database I can read it, but when I try
to insert or update records, it will fail if the root folder for the
database
doesn't have write permission for the internet user, IUSR. As far as I
know, when the database it is open, it has to create a lock file (.ldb) in the
same folder where the database resides.
You are correct. So, for this reason, as it seems you know, the IUSR
account needs permissions to modify the ~directory~ in which the mdb
exists.
It seems to me that server guy isn't employed by a hosting company.
I can place the database outside the
internet folder if I need to.
I suggest placing the database wherever makes sense to you and whatever's
easiest for you. Just make sure that IIS will not allow anyone to
download
the file. (Turn off read writes in IIS.)
I asked the administrator to create a virtual
folder on that folder and now the internet users can't browse the
database
folder or to download it.
Do I need to setup a username and password on the Access database, is
there any point in doing that?
If someone is able to download your database, there are tools he can use
to
get in. So, passwords in Access are generally meaningless. They're good
in
a small office somewhere where you don't have any "computer-savvy" people.
But, in the scope of the entire world, it doesn't make a difference.
Ray at work