Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > ASP .Net > ASP General > Securing Web Database

Reply
Thread Tools

Securing Web Database

 
 
Prabhat
Guest
Posts: n/a
 
      11-02-2005

"Phillip Windell" <@.> wrote in message
news:(E-Mail Removed)...
> I recommend the same as the others, but if you can't do it that way then

you
> could rename the file something obscure and give it an HTM extension (like
> "fh496jfu6.htm"). The browser would (assuming they ever figured the name
> out) always try to render it rather than download it and it would of

course
> fail to display. Your connection string would have to be altered to match
> the name and I don't think it will care what the file extension is,..I

don't
> think it has to be MDB extension to work.
>
> Obviously I don't think that is the best solution, but it might work if

that
> is all you are able to do. I'll admit that I haven't tested it,...it is
> just a brainstorm,...I guess I got bored.


Good solution, But I have to see if the other extension will work or not.
But as you told this is not the best solution, and as other suggested to
move to other folder avove wwwroot so I will go for that, But still will try
to see if the extension change will work or not.

Thanks
Prabhat


 
Reply With Quote
 
 
 
 
Mark Schupp
Guest
Posts: n/a
 
      11-02-2005
Do you have a directory on your site that is set to not allow IIS to read
from it (cgi-bin directories are usually like this)? If so, put the DB in
there. If not, can you create such a directory (or have your ISP create it)?

--
--Mark Schupp


"Prabhat" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> "Bob Barrows [MVP]" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>
>> If using Anonymous, then the IUSR and IWAM accounts will require modify
>> access to the folder containing the database. otherwise, all users will
>> require that level of permission.

>
> Thanks for that info. My website using Anonymous access so I think I have
> to
> give permissin for both IUSR and IWAM user.
>
> Prabhat
>
>



 
Reply With Quote
 
 
 
 
PJones
Guest
Posts: n/a
 
      11-27-2005
http://support.cjwsoft.com/code/code...nload+database


"Prabhat" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi All,
>
> I have a website setup which has MS-Access DB. The web pages are in ASP
> and uses ADO to connect to DB. The DB is located in the Folder
> "/Database". I have the Connection string setup in the Global.asa file.
>
> As my virtual Directory is "/" and all files and folders including the
> "Database" folder are with in the folder so any one who knows the Database
> folder name and database name can directly download the database from the
> website.
>
> The physical Directory for the virtual directory is: -
>
> d:\mywebsite
> d:\mywebsite\database
> d:\mywebsite\DLLs
> d:\mywebsite\images
> d:\mywebsite\include
> d:\mywebsite\stylesheet
> d:\mywebsite\template
>
> How Can I restrict the database to be access directly from web? Please
> suggest all alternatives that I can opt for.
>
> Thanks
> Prabhat
>
>



 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Database Database Database Database scott93727@gmail.com Computer Information 0 09-27-2012 02:43 AM
DataBase DataBase DataBase DataBase scott93727@gmail.com Computer Information 0 09-26-2012 09:40 AM
Securing a database kt83313@gmail.com Python 9 01-31-2009 05:16 AM
Securing XML file in an ASP.NET web app folder. TK ASP .Net 1 06-24-2004 07:42 AM
Securing dB connection string in Web.config Steve C. Orr [MVP, MCSD] ASP .Net 4 05-22-2004 03:35 AM



Advertisments