By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
429,190 Members | 2,204 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 429,190 IT Pros & Developers. It's quick & easy.

how to protect mdb

P: n/a
Hello

how can you protect the .mdb that an asp page modifies?
This must be open to all for modifications right?
But how can it be hidden so people can't just download it if they guess the
path?

Thanks
Jul 19 '05 #1
Share this Question
Share on Google+
12 Replies


P: n/a
simply move it outside the WWW path

--
Curt Christianson
Owner/Lead Developer, DF-Software
Site: http://www.Darkfalz.com
Blog: http://blog.Darkfalz.com
"Danny" <da********@hotmail.com> wrote in message
news:1z*********************@news4.srv.hcvlny.cv.n et...
Hello

how can you protect the .mdb that an asp page modifies?
This must be open to all for modifications right?
But how can it be hidden so people can't just download it if they guess the path?

Thanks

Jul 19 '05 #2

P: n/a
http://www.aspfaq.com/2454

--
http://www.aspfaq.com/
(Reverse address to reply.)


"Danny" <da********@hotmail.com> wrote in message
news:1z*********************@news4.srv.hcvlny.cv.n et...
Hello

how can you protect the .mdb that an asp page modifies?
This must be open to all for modifications right?
But how can it be hidden so people can't just download it if they guess the path?

Thanks

Jul 19 '05 #3

P: n/a
Simple..... stick it outside of the website root.

For example, if your setup is along the lines of;

\htdocs\your_website
\logs
\private

Place the MDB file inside the Private folder. This is out of reach of
internet users, and is still accessible to your applications.

When placing the file outside of the root, you will need to modifiy the path
to something along the lines of;

TheDB = "..\..\Private\TheDB.mdb"

--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!
"Danny" <da********@hotmail.com> wrote in message
news:1z*********************@news4.srv.hcvlny.cv.n et...
Hello

how can you protect the .mdb that an asp page modifies?
This must be open to all for modifications right?
But how can it be hidden so people can't just download it if they guess the path?

Thanks

Jul 19 '05 #4

P: n/a
Curt_C [MVP] wrote on 01 jun 2004 in
microsoft.public.inetserver.asp.general:
simply move it outside the WWW path


Or make an unguessable directory structure

/dsklfi958340/958kndlzzzz/my.mdb

[and prohibit directory browsing]

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)
Jul 19 '05 #5

P: n/a
Nah, even thats viewable (can't remember their names off hand but, there's a
few programs that allow one to connect directly to a website, and
view/download the file's and folders inside the root).

--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!
"Evertjan." <ex**************@interxnl.net> wrote in message
news:Xn********************@194.109.133.29...
Curt_C [MVP] wrote on 01 jun 2004 in
microsoft.public.inetserver.asp.general:
simply move it outside the WWW path


Or make an unguessable directory structure

/dsklfi958340/958kndlzzzz/my.mdb

[and prohibit directory browsing]

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

Jul 19 '05 #6

P: n/a
"Steven Burn" <pv*@noyb.com> wrote in message
news:O2**************@TK2MSFTNGP11.phx.gbl...
Nah, even thats viewable (can't remember their names off hand but, there's a few programs that allow one to connect directly to a website, and
view/download the file's and folders inside the root).
Nope,

You mean directory browsing or webdav. Webdav is not so easy by default. You
must enforce non-anonymous access for webdav to be possible.
--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk


Jul 19 '05 #7

P: n/a
Not quite no.....

The following isn't the program I was referring to but, it's along the same
lines.

http://www.brothersoft.com/Internet_...ere_18303.html

I'll see if I can find the freeware one again........

--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!
"Egbert Nierop (MVP for IIS)" <eg***********@nospam.invalid> wrote in
message news:Op**************@TK2MSFTNGP11.phx.gbl...
"Steven Burn" <pv*@noyb.com> wrote in message
news:O2**************@TK2MSFTNGP11.phx.gbl...
Nah, even thats viewable (can't remember their names off hand but,
there's a
few programs that allow one to connect directly to a website, and
view/download the file's and folders inside the root).
Nope,

You mean directory browsing or webdav. Webdav is not so easy by default.

You must enforce non-anonymous access for webdav to be possible.
--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Jul 19 '05 #8

P: n/a
Thanks everybody
i checked and I do not have access to anything other than web folder. I
checked with the ftp program and I cannot go back one directory. I guess I
should talk to web hosting company on that site?

Thanks

"Danny" <da********@hotmail.com> wrote in message
news:1z*********************@news4.srv.hcvlny.cv.n et...
Hello

how can you protect the .mdb that an asp page modifies?
This must be open to all for modifications right?
But how can it be hidden so people can't just download it if they guess the path?

Thanks

Jul 19 '05 #9

P: n/a
EEK!..... they've not even given a private folder?.... (no offence but, I'd
be having serious talks with them <g>)

--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!
"Danny" <da********@hotmail.com> wrote in message
news:T9*********************@news4.srv.hcvlny.cv.n et...
Thanks everybody
i checked and I do not have access to anything other than web folder. I
checked with the ftp program and I cannot go back one directory. I guess I should talk to web hosting company on that site?

Thanks

"Danny" <da********@hotmail.com> wrote in message
news:1z*********************@news4.srv.hcvlny.cv.n et...
Hello

how can you protect the .mdb that an asp page modifies?
This must be open to all for modifications right?
But how can it be hidden so people can't just download it if they guess

the
path?

Thanks


Jul 19 '05 #10

P: n/a
A "private" folder is still only as secure as the file system and/or the FTP
credentials.

IMHO, Access is the wrong tool if a primary objective is security.

--
http://www.aspfaq.com/
(Reverse address to reply.)


"Steven Burn" <pv*@noyb.com> wrote in message
news:eD**************@TK2MSFTNGP10.phx.gbl...
EEK!..... they've not even given a private folder?.... (no offence but, I'd be having serious talks with them <g>)

Jul 19 '05 #11

P: n/a
Thanks again.
I just found out they keep everything in the root of the website.
I am using asp to access this database.
Is there anything I can do? or is making the path very obscure good enough?

thanks again

"Aaron [SQL Server MVP]" <te*****@dnartreb.noraa> wrote in message
news:u5****************@TK2MSFTNGP12.phx.gbl...
A "private" folder is still only as secure as the file system and/or the FTP credentials.

IMHO, Access is the wrong tool if a primary objective is security.

--
http://www.aspfaq.com/
(Reverse address to reply.)


"Steven Burn" <pv*@noyb.com> wrote in message
news:eD**************@TK2MSFTNGP10.phx.gbl...
EEK!..... they've not even given a private folder?.... (no offence but,

I'd
be having serious talks with them <g>)


Jul 19 '05 #12

P: n/a
rename the .mdb to .asp
it will help, otherwise just go through the list that Aaron posted

--
Curt Christianson
Owner/Lead Developer, DF-Software
Site: http://www.Darkfalz.com
Blog: http://blog.Darkfalz.com
"Danny" <da********@hotmail.com> wrote in message
news:MG*********************@news4.srv.hcvlny.cv.n et...
Thanks again.
I just found out they keep everything in the root of the website.
I am using asp to access this database.
Is there anything I can do? or is making the path very obscure good enough?
thanks again

"Aaron [SQL Server MVP]" <te*****@dnartreb.noraa> wrote in message
news:u5****************@TK2MSFTNGP12.phx.gbl...
A "private" folder is still only as secure as the file system and/or the

FTP
credentials.

IMHO, Access is the wrong tool if a primary objective is security.

--
http://www.aspfaq.com/
(Reverse address to reply.)


"Steven Burn" <pv*@noyb.com> wrote in message
news:eD**************@TK2MSFTNGP10.phx.gbl...
EEK!..... they've not even given a private folder?.... (no offence
but, I'd
be having serious talks with them <g>)



Jul 19 '05 #13

This discussion thread is closed

Replies have been disabled for this discussion.