Database Security


Mpressler
06-06-2003, 09:02 AM
My website is www.madvisory.com.

If I upload an Access database named "db" to the root directory, a user can type in www.madvisory.com/db.mdb and can proceed to download the database.

On other webhosts, when I FTP in, I can get access not only to the www folder (which is really the root directory), but also to a folder called db, which exists above the root. This folder cannot be accessed by someone going to www.madvisory.com, but can be accessed by my ASP pages. This doesn't seem to be the case on discountasp.net.

Does anyone have any thoughts on database security (other than putting a password on my database file)?

Thanks,
Matt

bruce
06-07-2003, 08:29 AM
Try putting it into the cgi-bin directory, which doesn't have any IIS read permission (different from NTFS permission).


mczet
08-05-2003, 12:00 AM
Wouldn't that be a problem if you have a DB you want to have online? I have pretty much this exact question. I put up a webforum and the documentation makes it clear that you should put the DB outside of the Web path. But that does not seem possible.


bruce
08-05-2003, 06:45 AM
If IIS read permission is disabled, you should have no problem at all.

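An added example (not from the thread or from the host): a Python audit that walks a web root and lists database files a browser could request by URL, skipping directories the operator has marked as having web-server read access disabled. The function names, extension list and sample tree are assumptions constructed for illustration; the no-read list is supplied by hand, the script does not query IIS, and it assumes the setting also covers subdirectories.

```python
import os
import tempfile

# Extensions treated as database files (assumption; extend as needed).
DB_EXTENSIONS = {".mdb", ".accdb", ".sqlite", ".db"}


def find_downloadable_databases(web_root, no_read_dirs=()):
    """Return URL paths of database files a browser could fetch.

    web_root     -- directory the site is served from
    no_read_dirs -- paths relative to web_root where web-server read
                    access is disabled (supplied by the operator)
    """
    blocked = {d.strip("/\\").replace("\\", "/").lower() for d in no_read_dirs}
    findings = []
    for current, dirs, files in os.walk(web_root):
        rel = os.path.relpath(current, web_root).replace(os.sep, "/")
        rel = "" if rel == "." else rel
        if rel.lower() in blocked:
            dirs[:] = []  # assumed to cover subdirectories too
            continue
        for name in files:
            if os.path.splitext(name)[1].lower() in DB_EXTENSIONS:
                findings.append("/" + (rel + "/" if rel else "") + name)
    return sorted(findings)


def build_sample_site():
    """Constructed sample tree: exposed .mdb files and one in cgi-bin."""
    root = tempfile.mkdtemp()
    os.makedirs(os.path.join(root, "cgi-bin"))
    os.makedirs(os.path.join(root, "forum", "data"))
    for rel in ("db.mdb", "default.asp", "cgi-bin/db.mdb",
                "forum/data/forum.mdb"):
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(b"")  # empty placeholder files
    return root


if __name__ == "__main__":
    site = build_sample_site()
    for url_path in find_downloadable_databases(site, ["cgi-bin"]):
        print("exposed:", url_path)
```

Run it against a local copy of the site before uploading; any path it prints is a database that should be moved out of the served tree or into a directory without read access.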