Protecting my database

Posted 02 Jul 2002 08:12:21
02 Jul 2002 08:12:21 kim monaco posted:
Hi,
I am trying to protect my database so users can't type in the path to my database and download it.
I put file permissions on it but then it did not allow my pages to read the DB info.
I am using a DSN-less connection with ASP.
I have a user login page and have restricted access to the DB pages.
I know this is not a very secure restriction but I am more concerned with users not being able to DL my DB.
If anyone knows of a way to protect it let me know.

Thanks,
Kim

Replies

Replied 02 Jul 2002 08:19:27
02 Jul 2002 08:19:27 aegis kleais replied:
Make sure the DB holding the database doesn't allow VIRTUAL LISTING. Also, add a password on the Database itself. So if they do download it, they have to enter a username/password to open it up.

There are also javascripts that trigger when someone leaves your page (i.e., having typed in the DB's addy and then pressing enter). It parses the URL, and if it ends with a .mdb, it redirects them instead to an error 404 page.
Replied 02 Jul 2002 08:37:13
02 Jul 2002 08:37:13 kim monaco replied:
Ok, I will add a password on the database, but how tough is it to get past that if someone really wants to?

I don't know what a VIRTUAL LISTING is or how to not allow it.

Do you have one of these javascripts that I could use?

Kim



Replied 02 Jul 2002 18:38:19
02 Jul 2002 18:38:19 Dave Thomas replied:
You can also just put the DB into the "private" folder in your webspace, this should be outside of the main root and therefore your DB will not be downloadable as there is no web url to get to it.

"Get the kettle on, time for a brew"
Replied 02 Jul 2002 19:22:33
02 Jul 2002 19:22:33 aegis kleais replied:
That may not work, because the connection to the database is specified from root or relative to the file location. Placing the DB above and out of root would indeed protect the DB, but any DSN or Connection String won't be able to connect to it. (I had the same problem when I tried to connect to a DB when it was located in a password protected directory)
Replied 02 Jul 2002 23:25:13
02 Jul 2002 23:25:13 Dave Thomas replied:
Oops, I did mean to add that a DSN would be needed for this. Sorry.

"Get the kettle on, time for a brew"
Replied 02 Jul 2002 23:49:11
02 Jul 2002 23:49:11 kim monaco replied:
Ok, I added a password to the ACCESS DB and now I can't get to the ASP Login Page (I get an error).

Kim


Replied 03 Jul 2002 00:01:50
03 Jul 2002 00:01:50 aegis kleais replied:
Are you using a DSN or Connection String to access the DB?
Replied 03 Jul 2002 00:07:20
03 Jul 2002 00:07:20 kim monaco replied:
I am using a DSN-less connection. I typed in the path to the DB.
If I use a DSN and put a password on that, won't I have the same problem?


Replied 03 Jul 2002 00:27:37
03 Jul 2002 00:27:37 aegis kleais replied:
Give us the connection string...it should probably look like:

"Driver={Microsoft Access Driver (*.mdb)};" & _
"Dbq=c:\somepath\mydb.mdb;" & _
"Uid=myUsername;" & _
"Pwd=myPassword;"


Providing the username/password in the Connection String for the DB should work...
Replied 03 Jul 2002 01:40:58
03 Jul 2002 01:40:58 Dave Thomas replied:
If you can use a DSN, set it up and add the DB to your "private" folder (as stated above).

No password on the DB is needed, it will be protected against any download attempts, and it WILL connect via the DSN (sorry aegiskleais, but every one of my DBs is outside of the root and functions perfectly)

"Get the kettle on, time for a brew"
Replied 04 Jul 2002 21:19:12
04 Jul 2002 21:19:12 kim monaco replied:
I will try to use a DSN, set it up and add the DB to my "private" folder.
My only problem is that when I connect with UD the location is in the webroot and I can't get up a level with my host. Should I ask them how to do this?
With my old host I could have done this.

Thanks,
kim
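
Added example, not part of the thread and not any poster's code: a Python check for the advice above about keeping the .mdb outside the web root. It parses a connection string like the one aegis kleais posted and reports whether the Dbq file sits under the web root. Assumptions: the web root, the sample paths other than c:\somepath\mydb.mdb, and the DSN name myDsn are constructed, and URLs map directly onto folders under the root.

```python
import ntpath
import re
from pathlib import PureWindowsPath

# key=value pairs separated by ';'; a {braced} value may itself contain ';'
_PAIR = re.compile(r"\s*([^=;]+?)\s*=\s*(\{[^}]*\}|[^;]*)")


def parse_conn_string(conn):
    """Return the connection-string attributes as a dict, keys lower-cased."""
    return {key.lower(): value.strip() for key, value in _PAIR.findall(conn)}


def check_db_location(conn, web_root):
    """Classify where the Access file named by Dbq sits relative to web_root.

    Returns ("exposed", url_path), ("outside", None) or ("unknown", reason).
    """
    dbq = parse_conn_string(conn).get("dbq")
    if not dbq:
        # With a DSN the file path is stored in the DSN, not in the string.
        return ("unknown", "no Dbq; check the path configured in the DSN")
    if not ntpath.isabs(dbq):
        return ("unknown", "relative Dbq; resolve it to a full path first")
    # normpath collapses "..", so a path that climbs out of the root is not
    # mistaken for one inside it. Windows path comparison ignores case.
    db = PureWindowsPath(ntpath.normpath(dbq))
    root = PureWindowsPath(ntpath.normpath(web_root))
    try:
        rel = db.relative_to(root)
    except ValueError:
        return ("outside", None)
    return ("exposed", "/" + rel.as_posix())


# Constructed sample values: the web root, the first two paths and the DSN
# name are made up; the third string is the one posted in the thread.
WEB_ROOT = r"C:\Inetpub\wwwroot"
SAMPLES = [
    r"Driver={Microsoft Access Driver (*.mdb)};Dbq=c:\inetpub\wwwroot\db\users.mdb;",
    r"Driver={Microsoft Access Driver (*.mdb)};Dbq=C:\Inetpub\wwwroot\..\private\users.mdb;",
    r"Driver={Microsoft Access Driver (*.mdb)};Dbq=c:\somepath\mydb.mdb;Uid=myUsername;Pwd=myPassword;",
    "DSN=myDsn;Uid=myUsername;Pwd=myPassword;",
]

if __name__ == "__main__":
    for conn in SAMPLES:
        print(check_db_location(conn, WEB_ROOT), "<-", conn)
```

An "exposed" result means the file has a URL and its protection then depends on server settings and the database password alone; an "unknown" result for a DSN means the same check has to be made on the path stored in the DSN.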
