Protect db from download

J

Jake

A while back I thought I read that if your database is located inside the
fpdb folder it is protected from being downloaded but this is not the case.
What are some ways that I can keep users from browsing to the database
folder and downloading it?

What I have so far is:
Hard to guess db name.
Password protect the db which would require a ton of code changes.
Locate db outside of web - more code changes.

Any others?
 
T

Thomas A. Rowe

The database must be upload to the server via FP, and stored in the fpdb folder for it to be
protected automatically, otherwise your web host must set the permissions to protect on the folder
you are using.

Actually storing the db outside of the web root, if allowed by the host is the best solutions, and
really the only change would be the global.asa file if using a System DSN.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
WEBMASTER Resources(tm)

FrontPage Resources, WebCircle, MS KB Quick Links, etc.
==============================================
 
J

Jake

Thanks Thomas,
So what permissions should be set on the folder that would prevent download
but allow inserting and updating?
 
T

Thomas A. Rowe

I actually have never checked, however if you import a database into a open FP web, and let FP put
it in the fpdb folder, then you see what permissions are assigned via NTFS to the folder and
database.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
WEBMASTER Resources(tm)

FrontPage Resources, WebCircle, MS KB Quick Links, etc.
==============================================
 
J

Jon Spivey

Hi Jake,

FP should do this automatically - if your host has allowed the FP extensions
to manage permissions. All that happens is read access is disabled in IIS so
the database can be accessed by your scripts but can't be downloaded.
Thomas's suggestion about storing the database outside the web root would be
a good way of protecting your database, an easy alternative is to just
rename your database with an .asp extension, ie YourDb.asp instead of
YourDb.mdb - your scripts will be able to access the database but it will be
impossible for a user to download.it.
 
J

Jake

Wow - didnt know you could do that!

Thanks!


Jon Spivey said:
Hi Jake,

FP should do this automatically - if your host has allowed the FP
extensions to manage permissions. All that happens is read access is
disabled in IIS so the database can be accessed by your scripts but can't
be downloaded. Thomas's suggestion about storing the database outside the
web root would be a good way of protecting your database, an easy
alternative is to just rename your database with an .asp extension, ie
YourDb.asp instead of YourDb.mdb - your scripts will be able to access the
database but it will be impossible for a user to download.it.
Click to expand...
 
J

Jake

Thanks Thomas!

Thomas A. Rowe said:
I actually have never checked, however if you import a database into a open
FP web, and let FP put it in the fpdb folder, then you see what permissions
are assigned via NTFS to the folder and database.

--
==============================================
Thomas A. Rowe (Microsoft MVP - FrontPage)
WEBMASTER Resources(tm)

FrontPage Resources, WebCircle, MS KB Quick Links, etc.
==============================================
Click to expand...
 
Top