Google Gruppi non supporta più i nuovi post o le nuove iscrizioni Usenet. I contenuti storici continuano a essere visibili.
Dismiss

Database security concerns

1 visualizzazione
Passa al primo messaggio da leggere

FrankM

da leggere,
6 ago 2003, 14:22:2506/08/03
a
I'm about to install a database driven shopping cart. I've read in
cart documentation that my store is not secure if I'm using the
default configuration with an Access database in the public script
folder. I have asked my webmaster and they are not able to place the
database in a non-public folder. How can I solve this situation
without going to SQL Server? Comersus is compatible with SQL Server
but then I will have to pay more for the hosting service. The
documentation of the cart with security tips can be downloaded at
http://www.comersus.com/freeDownloads.asp
Thx in advance

Ray at <%=sLocation%>

da leggere,
6 ago 2003, 14:39:0706/08/03
a
First thing I'd do is smack the webmaster.

If you absolutely cannot get it outside of the site, I'd employ a number of
methods that would make your DB ~mostly~ secure.

1. Name it laksjdf9834hfaushdf.mdb
2. Then rename it to laksjdf9834hfaushdf.asp
3. Then put it in a dir like
kajsd/akjf34/a.4k,j5./kj34q/3kj4//34kj5/q43/5kj/q45q/435j/345j4j4/5/34kj
(ignore invalid characters - just pressed keyboard randomly)

This isn't the ideal solution by any means, but you do what you can.

Something else I'd do is put the webmaster's personal information in the
database and then send him the link to download it and explain to him that
anyone in the world can get to it. I guess what I'm trying to say is that
you should try to the absolute limit to talk the webmaster into not being so
foolish. Have him post here if he questions the need for keeping the mdb
outside of the site. :]

Ray at work

"FrankM" <frankma...@yahoo.com> wrote in message
news:9bf4f834.03080...@posting.google.com...

Bullschmidt

da leggere,
7 ago 2003, 05:14:0807/08/03
a
Renaming the database with an .asp extension should get the job done.
But you also might give the database a password. And if you do use an
asp extension, change it back to .mdb when uploading and downloading so
that your FTP software doesn't transfer the file as text.

Best regards,
J. Paul Schmidt, Freelance ASP Web Developer
http://www.Bullschmidt.com
ASP Design Tips, ASP Web Database Demo, Free ASP Bar Chart Tool...


*** Sent via Developersdex http://www.developersdex.com ***
Don't just participate in USENET...get rewarded for it!

Ray at <%=sLocation%>

da leggere,
7 ago 2003, 08:48:2207/08/03
a

"Bullschmidt" <pa...@bullschmidt.com-nospam> wrote in message
news:u$uyCRMX...@TK2MSFTNGP10.phx.gbl...

> Renaming the database with an .asp extension should get the job done.

Although much of the data will come through as straight and readable ASCII
if someone goes to http://yoursite/yourdatabase.asp, unfortunately.

> But you also might give the database a password. And if you do use an
> asp extension, change it back to .mdb when uploading and downloading so
> that your FTP software doesn't transfer the file as text.

Good point Paul!

Ray at work


Adrian Forbes - MVP

da leggere,
7 ago 2003, 09:37:1907/08/03
a
You can still password protect your Access DB and supply
the username and password in the connect string. For more
help on protecting access check the Help that comes with
it or try posting in an Access group. You should couple
this with Ray's idea of putting it someplace that you
can't guess.

>.
>

0 nuovi messaggi