I have big problem in security [Archive]

View Full Version : I have big problem in security

bmwmpower

06-09-2003, 03:28 PM

The problem is when I write the path of data base in the browser I can download it or open it so any one can help me to how make security for this problem

arnyinc

06-09-2003, 05:34 PM

Put your database file into a directory that is not accessible via the web. For example, your website is usually located at C:\inetpub\wwwroot. Put your file at C:\databases\yourdb.mdb. You will have to change all of your database connections to this new path, but no one will be able to access it directly via the web.

raf

06-09-2003, 05:57 PM

+ choose a really hard to guess db-name and store your connectionstrings in a server side include with an asp, php, jsp, ... extension

whammy

06-09-2003, 08:12 PM

I agree with arnyinc. That's exactly what I do. If you do a search of this forum for Access connection strings, you can probably find an example of one of my scripts using Server.MapPath() to help you out.

:)

oracleguy

06-10-2003, 05:03 AM

You also can add a password on your access database too, you'll have to append the password attribute in your connection string but that's not a big deal. It's no substitute for placing it in a directory not on the web but it's worth mentioning nonetheless.

bmwmpower

06-10-2003, 12:31 PM

when i maked search i found this code but i don't understand this code so can anyone help me

sConnString = "Provider=Microsoft.Jet.OLEDB.4.0; Data Source=" & _
Mid(Server.MapPath("\"), 1, InStrRev(Server.MapPath("\"),"\")-1) & "\.mdb;" & _
"Persist Security Info=False;"

Set Conn = Server.CreateObject("ADODB.Connection")
Conn.Open sConnString

Bluemonkey

06-10-2003, 02:22 PM

how would you find out the path to the database tho for the client side as in i wanna download this sites database, how would you find the path to it??

raf

06-10-2003, 03:01 PM

Downloading an applications database, after you found out it's address (as in, you didn't get it from the appliction manager) is hacking. (Not that i am morally against it. Its far worse that you're hijacking this thread.)
There are ways, buth by following the 4 or 5 tips in this thread, you'd be safe.

Bluemonkey

06-10-2003, 03:16 PM

i know it would be hacking yes but i am asking for the porpose of if you know how to do it you know how to stop other people doing it.

raf

06-10-2003, 04:05 PM

I thought so. See my previous post.
by following the 4 or 5 tips in this thread, you'd be safe. :D

Bluemonkey

06-10-2003, 04:07 PM

Cheers. :thumbsup: