roots


christrinder
11-27-2002, 02:23 PM
Hello,

I know this question might appear a little basic, but I don't work in an IT industry and learn all coding through practice, free online tutorials and help in this forum. I have however managed to teach myself enough to produce various sites with dynamic content, searchable functions bla bla bla... you know the score. The thing is, I can make things work, but without the background knowledge that you guys have, I never know whether I'm doing things in the best way... so here I ask...

1.) I wanted a site counter. I've seen a lot of free scripts for counters, but what extension do you save these files with, I'm assuming they're not *.js files. I've used a rather naff system of saving the user's id to a table and the counter returns the sum(*) of that table, but as the hits grow, this table will surely take up more space than necessary. Is there a better way?... obviously yes, but what?

2.) I've also added a security system which allocates the user with a set session id. If the session id doesn't match the criteria on each page, they are denied permission. What I want to know is how easy is it for people to create the necessary session on another site and then return? Is there a better way to add security without getting too complicated, and is this system enough for most users where there is not really any sensitive information?

3.) Finally, and hence the subject title, what folder in my server should I use for what? Currently I have everything installed in wwwroot, but I realise this isn't the best way of doing things. Where should the db be stored for example to stop people downloading it?

Cheers,

Chris

BigDaddy
11-27-2002, 11:14 PM
1.) I wanted a site counter. I've seen a lot of free scripts for counters, but what extension do you save these files with, I'm assuming they're not *.js files. I've used a rather naff system of saving the user's id to a table and the counter returns the sum(*) of that table, but as the hits grow, this table will surely take up more space than necessary. Is there a better way?... obviously yes, but what?

Do you use a server-side scripting language? I'm guessing you do, if you use a database. I'm also guessing you use ASP, so all asp files would just be saved with a .asp extension. I guess we need more info to answer your question.


2.) I've also added a security system which allocates the user with a set session id. If the session id doesn't match the criteria on each page, they are denied permission. What I want to know is how easy is it for people to create the necessary session on another site and then return? Is there a better way to add security without getting too complicated, and is this system enough for most users where there is not really any sensitive information?

The session id is set by the server, from what I understand, and therefore hard to duplicate by the enterprising hacker. If someone wanted in bad enough, the session id is not necessarily the way they'd try to get in.


3.) Finally, and hence the subject title, what folder in my server should I use for what? Currently I have everything installed in wwwroot, but I realise this isn't the best way of doing things. Where should the db be stored for example to stop people downloading it?


From what I understand, you probably want to place the database above the rest of your directory structure. That will help prevent people from guessing the name of your database and downloading it.

You can set a virtual directory for your site, and actually have it on a different disk altogether, if you want.

whammy
11-27-2002, 11:34 PM
1. For a simple idea of using a counter (which you can modify using a database or whatever), check out:

http://www.solidscripts.com/displayscript.asp?sid=4

That uses Scripting.FileSystemObject, and just changes the number in a text file... fairly simple, but it uses a session variable to keep from adding to the counter if the page is refreshed.

If you're interested in something a little more complex with a database (like what I use to see which pages were visited, the user's HTTP_USER_AGENT, the referrer, etc.) let me know by email and I'll fire you off a copy of my script which uses a database. Yeah it adds up, but I guess I'll figure out whether I care later... I suppose if you want to use a really huge counter script like that with stats, etc. your best bet would be using a SQL Server database.

2. What BigDaddy said... the session id is set on the server, so that's not really a concern in the way you're looking at it...

3. What BigDaddy said again - if you're using Access databases, then you'll definitely want to store your database file above the root of your website so someone can't download it by guessing the file name and browsing to it.
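
An added example, not part of any post in this thread: a small Python audit for point 3 that lists database files sitting under the web root and checks whether a configured database path really resolves outside it. The extension list, the folder names and the sample layout are assumptions constructed for the illustration.

```python
import os
import tempfile

# Extensions assumed for this example: Access databases and their lock files.
DB_EXTENSIONS = {".mdb", ".accdb", ".ldb"}

def _canon(path):
    # Resolve "..", symlinks and (on Windows) case so comparisons are reliable.
    return os.path.normcase(os.path.realpath(path))

def is_inside_webroot(path, webroot):
    """True if path resolves to a location at or below webroot."""
    path, webroot = _canon(path), _canon(webroot)
    try:
        return os.path.commonpath([path, webroot]) == webroot
    except ValueError:  # different drives on Windows
        return False

def find_exposed_databases(webroot):
    """Return database files stored under webroot, relative to it, sorted."""
    exposed = []
    for folder, _dirs, files in os.walk(webroot):
        for name in files:
            if os.path.splitext(name)[1].lower() in DB_EXTENSIONS:
                full = os.path.join(folder, name)
                exposed.append(os.path.relpath(full, webroot).replace(os.sep, "/"))
    return sorted(exposed)

def build_sample_site(base):
    """Constructed sample layout: one database inside the web root, one above it."""
    webroot = os.path.join(base, "wwwroot")
    os.makedirs(os.path.join(webroot, "data"))
    os.makedirs(os.path.join(base, "private"))
    for rel in ("wwwroot/default.asp", "wwwroot/data/Site.MDB", "private/site.mdb"):
        open(os.path.join(base, *rel.split("/")), "w").close()
    return webroot

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        webroot = build_sample_site(base)
        print("exposed:", find_exposed_databases(webroot))
        # A path that starts inside wwwroot but climbs out with "..".
        db = os.path.join(webroot, "..", "private", "site.mdb")
        print("configured db inside web root?", is_inside_webroot(db, webroot))
```

Folders published through a virtual directory are also reachable by URL, so the same scan should be run against each of those paths as well.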