How can I secure an Access database that I use on my Web site? That is, I don't want users to be able to guess the URL of my Access .mdb file and download my database!
Answer:
When creating Web applications with an Access database, developers often save the Access database to a Web-accessible folder. That is, they may save the actual .mdb file as: C:\INetPub\wwwroot\MyDB.mdb. The downside to this approach is that anyone who knows (or can guess) the URL to the .mdb file can download the Access database and examine all of your information.
While it may seem that the risk of a user guessing the URL to your Access database's .mdb file is low, the risk is always there. Also, if, for some reason, there is an error in connecting to the database, or an error in an include file, a user may be able to easily find out the URL to your Access database. (For more information on the potential security hole concerning include files, be sure to read: Security Alert - Using includes Improperly from non-Debugged ASP Pages can allow Visitors to View your source code.)
To answer this question of how to protect your Access database's .mdb file, we turn to an ASPMessageboard.com post from Chris:
*** BEGIN QUOTE ***
The way to do it is to put your database in a location that is only accessible on the server-side, not client-side. The key to this is putting it in a directory that is higher than the wwwroot. If you're running your own server (e.g., IIS) do it like this:
[my website]
--[html]
--[private]
Put the content of your website (e.g., images, .htm pages, .asp pages) in the [html] directory, and make this the wwwroot. Put things you want hidden from the client in the [private] directory. When you need to access things in the [private] directory (e.g., your database) you can directly reference the path on the server, or work it out.
If you're not running your own server then look on your Host's server for a directory above the root called "private" or "data" or something. If you can't find it, email them.
*** END QUOTE ***
Also, for more information on how to configure folders so that they cannot be visited via the Web, be sure to read this helpful article: How to configure HTTP READ-Protected Folders!
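To confirm that a site really follows the [html]/[private] layout described in the quote, the check below (an added example, not part of the original FAQ or of Chris's post) verifies that the configured database path resolves outside the web root and lists any database files still sitting inside it. The function names, the sample directory tree, and the extensions other than .mdb are assumptions made for illustration.

```python
"""Audit a site layout: no Access database may live under the web root."""
import os
import tempfile
from pathlib import Path

# .mdb is the format the FAQ names; .accdb, .ldb and .laccdb are assumed
# additions (newer Access format and Access lock files).
DB_EXTENSIONS = {".mdb", ".accdb", ".ldb", ".laccdb"}


def is_under(path, root):
    """True if path resolves inside root once '..' and symlinks are resolved."""
    path, root = Path(path).resolve(), Path(root).resolve()
    return path == root or root in path.parents


def find_exposed_databases(web_root):
    """Return sorted paths (relative to web_root) of database files a browser could request."""
    root = Path(web_root).resolve()
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Compare extensions case-insensitively: MyDB.MDB is just as downloadable.
            if Path(name).suffix.lower() in DB_EXTENSIONS:
                hits.append((Path(dirpath) / name).relative_to(root).as_posix())
    return sorted(hits)


def build_sample_site(base):
    """Constructed sample: the quoted [html]/[private] layout plus one misplaced copy."""
    base = Path(base)
    (base / "html" / "data").mkdir(parents=True)
    (base / "private").mkdir()
    (base / "html" / "default.asp").write_text("<% ' page %>")
    (base / "html" / "data" / "Backup.MDB").write_bytes(b"")  # misplaced copy
    (base / "private" / "MyDB.mdb").write_bytes(b"")          # correct location
    return base / "html", base / "private" / "MyDB.mdb"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        web_root, db_path = build_sample_site(tmp)
        print("configured DB web-reachable:", is_under(db_path, web_root))
        print("database files under web root:", find_exposed_databases(web_root))
```

The check looks at the filesystem only; a folder that the Web server maps into the site as a virtual directory has to be audited as a web root of its own.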
There you have it! An easy way to protect your Access database file. Happy Programming!
FAQ posted by Scott Mitchell at 8/24/2001 10:12:26 AM to the Databases, General category.