| Author |
 Topic Search  Topic Options
|
markmied 
Newbie
Joined: 12 January 2003
Status: Offline
Points: 37
|
 Post Options
 Thanks(0)
 Quote  Reply
 Topic: Best way to protect your .mdb
Posted: 30 March 2003 at 2:24pm |
What is the best way to protect wwForum.mdb file, beside renaming it? If you know the file name you can easily download it. Any suggestions?
I tried looking for answers but there is simply too many posts.
|
 |
michael
Senior Member
Joined: 08 April 2002
Location: United States
Status: Offline
Points: 4670
|
Post Options
Thanks(0)
Quote Reply
Posted: 30 March 2003 at 2:51pm |
|
It is actually described very well in the forum documentation when you download it. Most important> Put your mdb outside of your web so it can only be accessed from within code. Depends on your host if they support it though. My host for example associated mdb with some script like asp (don't know what they picked) and when you try to download it, it just gives you a script error.
|
|
|
|
Gullanian
Senior Member
Joined: 04 January 2002
Location: England
Status: Offline
Points: 4373
|
Post Options
Thanks(0)
Quote Reply
Posted: 30 March 2003 at 3:29pm |
|
you can also password protect the database, set the password to something pretty random, be sure to change the connection string in the configuration files however
|
|
Bunce
Senior Member
Joined: 10 April 2002
Location: Australia
Status: Offline
Points: 846
|
Post Options
Thanks(0)
Quote Reply
Posted: 30 March 2003 at 4:26pm |
One that doesn't come up very often, that Michael was sort of referring to, was that you can actually rename your database you have an asp extension.
This means that it can't be downloaded as it will (attempt to) be processed by the dll on the web server. Will still work if you point your connection string to this file.
Cheers,
Andrew
|
|
There have been many, many posts made throughout the world...
This was one of them.
|
|
markmied
Newbie
Joined: 12 January 2003
Status: Offline
Points: 37
|
Post Options
Thanks(0)
Quote Reply
Posted: 30 March 2003 at 4:39pm |
|
Thank you all for replies.
|
|
xeerex
Senior Member
Joined: 19 November 2002
Location: United States
Status: Offline
Points: 601
|
Post Options
Thanks(0)
Quote Reply
Posted: 30 March 2003 at 5:16pm |
The asp trick works well. Also, rename it to something with a random alpha-numeric name.
You can set permissions on the database itself to WRITE only and remove READ and remove all others. Usually, your host can do this if you aren't hosting your own website.
Password-protecting the database is not a bad idea; however, it can be cracked easily with several programs found on the Net.
|
|
|
|
eaglesexec
Groupie
Joined: 02 December 2002
Status: Offline
Points: 127
|
Post Options
Thanks(0)
Quote Reply
Posted: 30 March 2003 at 8:40pm |
|
hmmm. i know the name of my DB and when i just type its URL in the browser window it will show me a page not found 404 error... its in a database folder... i think my hosting people have to do with this. probably one of their security measures.
|
|
A good plan, violently executed now, is better than a perfect plan next week. -General George S. Patton.
|
|
Julian_Brunt
Newbie
Joined: 01 April 2003
Location: United Kingdom
Status: Offline
Points: 3
|
Post Options
Thanks(0)
Quote Reply
Posted: 01 April 2003 at 2:57am |
 Bunce wrote:
One that doesn't come up very often, that Michael was sort of referring to, was that you can actually rename your database you have an asp extension.
This means that it can't be downloaded as it will (attempt to) be processed by the dll on the web server. Will still work if you point your connection string to this file.
Cheers,
Andrew
|
I will agree with that, you can also encrypt your DB 1st and then rename it with an asp extention. This is kind of standard practice as I have been given this information for other web apps..
|
|
