how to protect mdb

simply move it outside the WWW path

--
Curt Christianson
Owner/Lead Developer, DF-Software
Site: http://www.Darkfalz.com
Blog: http://blog.Darkfalz.com
"Danny" <da********@hotmail.com> wrote in message
news:1z*********************@news4.srv.hcvlny.cv.n et...

Hello

how can you protect the .mdb that an asp page modifies?
This must be open to all for modifications right?
But how can it be hidden so people can't just download it if they guess the path?

Thanks

http://www.aspfaq.com/2454

--
http://www.aspfaq.com/
(Reverse address to reply.)


"Danny" <da********@hotmail.com> wrote in message
news:1z*********************@news4.srv.hcvlny.cv.n et...

Hello

how can you protect the .mdb that an asp page modifies?
This must be open to all for modifications right?
But how can it be hidden so people can't just download it if they guess the path?

Thanks

Simple..... stick it outside of the website root.

For example, if your setup is along the lines of;

\htdocs\your_website
\logs
\private

Place the MDB file inside the Private folder. This is out of reach of
internet users, and is still accessible to your applications.

When placing the file outside of the root, you will need to modifiy the path
to something along the lines of;

TheDB = "..\..\Private\TheDB.mdb"

--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!
"Danny" <da********@hotmail.com> wrote in message
news:1z*********************@news4.srv.hcvlny.cv.n et...

Hello

how can you protect the .mdb that an asp page modifies?
This must be open to all for modifications right?
But how can it be hidden so people can't just download it if they guess the path?

Thanks

Curt_C [MVP] wrote on 01 jun 2004 in
microsoft.public.inetserver.asp.general:

simply move it outside the WWW path

Or make an unguessable directory structure

/dsklfi958340/958kndlzzzz/my.mdb

[and prohibit directory browsing]

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

Nah, even thats viewable (can't remember their names off hand but, there's a
few programs that allow one to connect directly to a website, and
view/download the file's and folders inside the root).

--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!
"Evertjan." <ex**************@interxnl.net> wrote in message
news:Xn********************@194.109.133.29...

Curt_C [MVP] wrote on 01 jun 2004 in
microsoft.public.inetserver.asp.general:

simply move it outside the WWW path

Or make an unguessable directory structure

/dsklfi958340/958kndlzzzz/my.mdb

[and prohibit directory browsing]

--
Evertjan.
The Netherlands.
(Please change the x'es to dots in my emailaddress)

"Steven Burn" <pv*@noyb.com> wrote in message
news:O2**************@TK2MSFTNGP11.phx.gbl...

Nah, even thats viewable (can't remember their names off hand but, there's a few programs that allow one to connect directly to a website, and
view/download the file's and folders inside the root).
Nope,

You mean directory browsing or webdav. Webdav is not so easy by default. You
must enforce non-anonymous access for webdav to be possible.
--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Not quite no.....

The following isn't the program I was referring to but, it's along the same
lines.

http://www.brothersoft.com/Internet_...ere_18303.html

I'll see if I can find the freeware one again........

--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!
"Egbert Nierop (MVP for IIS)" <eg***********@nospam.invalid> wrote in
message news:Op**************@TK2MSFTNGP11.phx.gbl...

"Steven Burn" <pv*@noyb.com> wrote in message
news:O2**************@TK2MSFTNGP11.phx.gbl...

Nah, even thats viewable (can't remember their names off hand but,

there's a

few programs that allow one to connect directly to a website, and
view/download the file's and folders inside the root).
Nope,

You mean directory browsing or webdav. Webdav is not so easy by default.

You must enforce non-anonymous access for webdav to be possible.

--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Thanks everybody
i checked and I do not have access to anything other than web folder. I
checked with the ftp program and I cannot go back one directory. I guess I
should talk to web hosting company on that site?

Thanks

"Danny" <da********@hotmail.com> wrote in message
news:1z*********************@news4.srv.hcvlny.cv.n et...

Hello

how can you protect the .mdb that an asp page modifies?
This must be open to all for modifications right?
But how can it be hidden so people can't just download it if they guess the path?

Thanks

EEK!..... they've not even given a private folder?.... (no offence but, I'd
be having serious talks with them <g>)

--

Regards

Steven Burn
Ur I.T. Mate Group
www.it-mate.co.uk

Keeping it FREE!
"Danny" <da********@hotmail.com> wrote in message
news:T9*********************@news4.srv.hcvlny.cv.n et...

Thanks everybody
i checked and I do not have access to anything other than web folder. I
checked with the ftp program and I cannot go back one directory. I guess I should talk to web hosting company on that site?

Thanks

"Danny" <da********@hotmail.com> wrote in message
news:1z*********************@news4.srv.hcvlny.cv.n et...

Hello

how can you protect the .mdb that an asp page modifies?
This must be open to all for modifications right?
But how can it be hidden so people can't just download it if they guess

the

path?

Thanks

A "private" folder is still only as secure as the file system and/or the FTP
credentials.

IMHO, Access is the wrong tool if a primary objective is security.

--
http://www.aspfaq.com/
(Reverse address to reply.)


"Steven Burn" <pv*@noyb.com> wrote in message
news:eD**************@TK2MSFTNGP10.phx.gbl...

EEK!..... they've not even given a private folder?.... (no offence but, I'd be having serious talks with them <g>)

Thanks again.
I just found out they keep everything in the root of the website.
I am using asp to access this database.
Is there anything I can do? or is making the path very obscure good enough?

thanks again

"Aaron [SQL Server MVP]" <te*****@dnartreb.noraa> wrote in message
news:u5****************@TK2MSFTNGP12.phx.gbl...

A "private" folder is still only as secure as the file system and/or the FTP credentials.

IMHO, Access is the wrong tool if a primary objective is security.

--
http://www.aspfaq.com/
(Reverse address to reply.)


"Steven Burn" <pv*@noyb.com> wrote in message
news:eD**************@TK2MSFTNGP10.phx.gbl...

EEK!..... they've not even given a private folder?.... (no offence but,

I'd

be having serious talks with them <g>)

rename the .mdb to .asp
it will help, otherwise just go through the list that Aaron posted

--
Curt Christianson
Owner/Lead Developer, DF-Software
Site: http://www.Darkfalz.com
Blog: http://blog.Darkfalz.com
"Danny" <da********@hotmail.com> wrote in message
news:MG*********************@news4.srv.hcvlny.cv.n et...

Thanks again.
I just found out they keep everything in the root of the website.
I am using asp to access this database.
Is there anything I can do? or is making the path very obscure good enough?
thanks again

"Aaron [SQL Server MVP]" <te*****@dnartreb.noraa> wrote in message
news:u5****************@TK2MSFTNGP12.phx.gbl...

A "private" folder is still only as secure as the file system and/or the

FTP

credentials.

IMHO, Access is the wrong tool if a primary objective is security.

--
http://www.aspfaq.com/
(Reverse address to reply.)


"Steven Burn" <pv*@noyb.com> wrote in message
news:eD**************@TK2MSFTNGP10.phx.gbl...

EEK!..... they've not even given a private folder?.... (no offence

but, I'd

be having serious talks with them <g>)