Urgent:Prevent download MS Access database from web folder

  • Thread starter Thread starter TC
  • Start date Start date
T

TC

JR's suggestions sound good.

If you secure the database using Access user-level security, they would have
to download the workgroup information file as well as the database. The
workgroup information file could have its own confusing filename & unlikely
location.

HTH,
TC
 
Hello Everyone;

I have this situation. I'm using MS Access as a back-end
database for the website. User will access the website
thru www.abczyx.com/login.asp The database is store
in ../db/zyx.mdb. If the smart user try to type this
www.abczyx.com/db/zyx.mdb he can download the database to
his local computer.

Is there any way to prevent this, I don't want user to
download this database. Even its encrypt, but is there any
way to stop this??? I'm using IIS as a web server.

I'll wait for the reply, and thanks in advance
Regards
Smooth Jazz
 
Hi SJ,
You may deploy one of these measures to protect your database on a Web
Server like IIS:

1. Use long names for the files such as 59tdfrw4kj60.mdb, ywt71o0gh.mdw etc,
in order to make it difficult to someone predicting your mdb name.

2. You can rename an mdb file to another extension.
For instance: test.mdb to test.asp which cannot be downloaded.
Hence, you'll reference that new name in your asp code, i.e.:

Set cnn = Server.CreateObject("ADODB.Connection")
openStr = "driver={Microsoft Access Driver (*.mdb)};" & _
"dbq=" & Server.MapPath("../db/test.asp")
cnn.Open openStr

Note: I didn't experience any problems such as corruption until
now, except for the corresponding ldb file which is never
deleted.

Combine Access User-Level security with some sort of code (asp file) that
encrypts/decrypts passwords stored in table.

Maybe someone has a better idea.
 
Hello,
The best way to do this is to control the access to the folder that holds
the database. Most ISPs will provide you with a database folder that outside
the website and then you use dsn to connect to the database. The structure
is normally like this..

folders
FTP
Database
WWW

Your site is located in the WWW folder and the database in the Database
folder and you cannot access the database folder directly unless you have
the site password.

Hope this helps
Michael
 
Back
Top