Why would you want to put the databases in the CGI-bin, people can still access this directory from a web browser.

You want to place your database in a folder outside of your web site that can't be accessed through a web browser, you then want to follow the documentation that comes with the forum on moving and renaming your database.

Ok....so I put the the database outside of the webpage.   I guess I am back to my first question.  What is the syntax for the path so the asp scripts can find the data base?  Lets say I put the mdb file in a folder on dirve d called misc. What is the path syntax for this example?  I looked at the example in the renaming/moving section of the documentation.  I could not find an example of moving the mdb file out of the web path. 

Ok I moved my mdb file to a directory outside my website.  What is the proper syntax to use in the common.asp to direct it to the proper folder.  Lets say I put my file in D:\misc  and the file was called test.mdb.  Is it "d:/misc/test.mdb"   ?

Thank you for your help.

I should imagine there is no "help" in the documentation for that since the comments and an example are in the common.asp which must be edited per the help?

For those who don't know, the correct pathway depends on your webhost and your setup. As a "general rule" when you login to your FTP client, you should notice a directory structure on the server side of the FTP program window that will pretty much tell you. For instance, here is a sample pathway to a database that is above the public portion:

d:/users/database/f12o45r29um.mdb  (above the www root)

whereas the site would be something like

d:/users/www  (this would be where you put all your pages)

Now, depending on your hosting/setup you may need to use a DSN connection. A DSN connection is usually setup by your host or through your control panel. In simple terms a DSN connection is a "virtual name" to connect to your database rather than using a direct pathway. This may cause some slight performance issues on a heavily traffic'ed board as the server must process the DSN connection as well.

If you use Frontpage, then you cannot "see" above the public portion of your site through Frontpage. You will need to still use an FTP client to upload your database above the public side of your web. Contrary to some opinions you CAN use an FTP client on a FP enabled site just don't delete any files that begin with _vti or such as these are required by the FP extensions.

*Note: Using FP is not an issue as some claim. However, DO NOT use FP to edit your asp pages unless you know how to disable the additional FP coding which is an advanced method. If you use FP, then I recommend that you will also need a separate WYSIWYG editor such as Dreamweaver or another one that doesn't place application specific coding in the source code of the pages.

IMPORTANT: As -borg- and the help notes, it is VERY VERY important to get your database above the public the portion of your web. This pretty much prevents the ability of someone to download your database without hacking your FTP user/pass.

At the VERY LEAST rename the database to something very difficult to guess. Don't put it in your cgi-bin since that is an obvious place. Contact your host about setting up a new directory with WRITE permissions and use a somewhat cryptic directory name. Place the database in there.

Password protecting the database is of no use. If someone is smart enough to find the database, they are certainly smart enough to spend 2 mins on the internet and download a password cracking program and spend another 3 seconds (literally) cracking your database password.

10 print "GET THE DATABASE OUT OF THE PUBLIC PORTION OF THE WEB IF AT ALL POSSIBLE."

20 Goto 10