FilesystemObject v access database - security issues


les
06-14-2005, 12:12 PM
I would like to record form input into small text files created by an asp file and stored in a separate folder on the webserver. The folder would have to have full read write access to achieve this.

These text files would then be automatically retrieved via ftp to a local computer, validated and read, and the data imported into a proprietary database.

I don’t like Access databases - they are clunky and the files are huge even if minimal data is stored per record. And I want to recover the data one record at a time.

What are the security benefits, if any, of using an Access database rather than separate text files? Why are there security issues if the files are created and named by the asp program and one can therefore ensure that only valid files are ever downloaded and opened?

Spudhead
06-14-2005, 01:36 PM
I'm not sure I follow you. You'd prefer to use text files, and download and import those into your offline database, than using Access and doing the same thing?

I can't really see any benefit of using Access. It's no more secure (although I guess it could be password-protected) and although it's easier to run a query against it than a text file, you're not doing that so... umm... use a text file?

Have I missed something?

les
06-14-2005, 04:21 PM
Thanks for your swift input spudhead.

You confirm what I suspected. When I suggested to the chaps who host the website that I wanted to create a folder on their server and open it for full read/write access they fell all over the place with dark aspersions about it being totally unsafe. Not being a security expert I have been unable to lodge any counter arguments.

The site btgames.co.za was developed by me for a business owned by my daughters. The database that automatically creates and maintains all the asp pages and include files was created using VB.

Currently orders are transmitted via email as we decided upon a personal approach and telephonically contact prospective clients. This is working very well and people seem to like it.

What I want to do now is to cut out the email and write the order information to a text file (probably csv format). This will be written to an 'open' folder on the web server.

I will then create a program on our computer system which, via ftp, checks the contents of the folder from time to time (say every 30 minutes) and downloads (and then deletes) any csv files. These files will then be automatically read and the information imported directly into an ordering program for processing, writing confirmation emails, telephone the client, etc.

It seems that the only danger is that some bright spark could in some way identify and exploit the ‘open’ folder on the webserver and drop some nasty program into it. As far as I know such program would never be run on the server. If it does not have a csv extension it will be deleted. If it does then it will be downloaded, deleted from the webserver, and opened locally with an open for input access (which will fail, causing an error, if the ‘fields’ do not match the fields we expect). In such event the file will be deleted.

I cannot see how this system can compromise the website - but then I am not someone who knows how to find ‘open’ folders on web servers or how to write self-propagating viruses that infect text files!
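
The local validation step described in the post above, as an added example that is not code from anyone in this thread: a downloaded file is accepted only if its name matches the pattern the ASP page would generate and its single record matches the expected fields. The file-name pattern, size limit, column layout and sample order are all assumptions made for illustration.

```python
import csv
import io
import re

# Assumptions for illustration (none of these are given in the thread):
NAME_RE = re.compile(r"order_\d{14}_[0-9a-f]{8}\.csv")  # name the ASP page would generate
MAX_BYTES = 4096                                        # one small order per file
FIELDS = [                                              # expected columns, in order
    ("order_id", re.compile(r"\d{1,10}")),
    ("name", re.compile(r"[A-Za-z][A-Za-z .'-]{0,59}")),
    ("phone", re.compile(r"\+?\d[\d ]{6,19}")),
    ("product_code", re.compile(r"[A-Z0-9-]{1,20}")),
    ("quantity", re.compile(r"[1-9]\d{0,2}")),
]

# Constructed sample of a file the ASP page might write.
SAMPLE_NAME = "order_20050614162100_9f3a1c2e.csv"
SAMPLE_DATA = b"1042,Jane Doe,+27 11 555 0100,BG-CHESS-01,2\r\n"

def validate_order_file(filename, data):
    """Return (record, None) if the file is acceptable, else (None, reason)."""
    if not NAME_RE.fullmatch(filename):
        return None, "unexpected file name"
    if len(data) > MAX_BYTES:
        return None, "file too large"
    try:
        text = data.decode("ascii")          # rejects binaries and odd encodings
        rows = list(csv.reader(io.StringIO(text, newline="")))
    except (UnicodeDecodeError, csv.Error):
        return None, "not plain ASCII CSV"
    if len(rows) != 1:
        return None, "expected exactly one record"
    if len(rows[0]) != len(FIELDS):
        return None, "wrong field count"
    record = {}
    for (name, pattern), value in zip(FIELDS, rows[0]):
        if not pattern.fullmatch(value):     # whole value must match, no partial hits
            return None, "bad value in " + name
        record[name] = value
    return record, None

if __name__ == "__main__":
    print(validate_order_file(SAMPLE_NAME, SAMPLE_DATA))
```

Anything that returns a reason instead of a record is deleted without being imported, which is the behaviour the post describes.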