Yes, it is safe. Thay cannot be directly requested from the web.
Any *.mdf files placed in the App_Data directory are covered by:
<add path="*.mdf" verb="*" type="System.Web.HttpForbiddenHandler" validate="true" />
That's included in your base web.config
in the CONFIG subdirectory of the .Net Framework 2.0.
See the web.config.comments file in that directory
for a complete list of protected files.
Juan T. Llibre, ASP.NET MVP
ASP.NET FAQ :
http://asp.net.do/faq/
ASPNETFAQ.COM :
http://www.aspnetfaq.com/
Foros de ASP.NET en Español :
http://asp.net.do/foros/
======================================
"mike" <so**********@gmail.com> wrote in message
news:OA**************@TK2MSFTNGP10.phx.gbl...
when website publish on web server the files of app_data such as database file *.mdf
is it safe? is it common