
Database security concerns


FrankM

Aug 6, 2003, 2:22:25 PM
I'm about to install a database-driven shopping cart. I've read in
the cart documentation that my store is not secure if I'm using the
default configuration with an Access database in the public script
folder. I have asked my webmaster and they are not able to place the
database in a non-public folder. How can I solve this situation
without going to SQL Server? Comersus is compatible with SQL Server
but then I will have to pay more for the hosting service. The
documentation of the cart with security tips can be downloaded at
http://www.comersus.com/freeDownloads.asp
Thx in advance

Ray at <%=sLocation%>

Aug 6, 2003, 2:39:07 PM
First thing I'd do is smack the webmaster.

If you absolutely cannot get it outside of the site, I'd employ a number of
methods that would make your DB ~mostly~ secure.

1. Name it laksjdf9834hfaushdf.mdb
2. Then rename it to laksjdf9834hfaushdf.asp
3. Then put it in a dir like
kajsd/akjf34/a.4k,j5./kj34q/3kj4//34kj5/q43/5kj/q45q/435j/345j4j4/5/34kj
(ignore invalid characters - just pressed keyboard randomly)

This isn't the ideal solution by any means, but you do what you can.

Something else I'd do is put the webmaster's personal information in the
database and then send him the link to download it and explain to him that
anyone in the world can get to it. I guess what I'm trying to say is that
you should try to the absolute limit to talk the webmaster into not being so
foolish. Have him post here if he questions the need for keeping the mdb
outside of the site. :]

Ray at work

"FrankM" <frankma...@yahoo.com> wrote in message
news:9bf4f834.03080...@posting.google.com...

Bullschmidt

Aug 7, 2003, 5:14:08 AM
Renaming the database with an .asp extension should get the job done.
But you also might give the database a password. And if you do use an
asp extension, change it back to .mdb when uploading and downloading so
that your FTP software doesn't transfer the file as text.

Best regards,
J. Paul Schmidt, Freelance ASP Web Developer
http://www.Bullschmidt.com
ASP Design Tips, ASP Web Database Demo, Free ASP Bar Chart Tool...



Ray at <%=sLocation%>

Aug 7, 2003, 8:48:22 AM

"Bullschmidt" <pa...@bullschmidt.com-nospam> wrote in message
news:u$uyCRMX...@TK2MSFTNGP10.phx.gbl...

> Renaming the database with an .asp extension should get the job done.

Although much of the data will come through as straight and readable ASCII
if someone goes to http://yoursite/yourdatabase.asp, unfortunately.

> But you also might give the database a password. And if you do use an
> asp extension, change it back to .mdb when uploading and downloading so
> that your FTP software doesn't transfer the file as text.

Good point Paul!

Ray at work


Adrian Forbes - MVP

Aug 7, 2003, 9:37:19 AM
You can still password protect your Access DB and supply
the username and password in the connect string. For more
help on protecting Access, check the Help that comes with
it or try posting in an Access group. You should couple
this with Ray's idea of putting it someplace that you
can't guess.
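
An added example, not part of the original thread: a site owner's audit that walks a web root and reports Access databases by file header instead of by name, since renaming to .asp, as discussed above, leaves the file contents unchanged. The function names and the sample directory tree are constructed for illustration.

```python
import os
import tempfile

# Jet (.mdb) and ACE (.accdb) files carry one of these strings at byte offset 4,
# whatever the file is named.
ACCESS_MAGICS = (b"Standard Jet DB", b"Standard ACE DB")
# Native extensions; an Access header under any other extension is still
# reported, flagged as "disguised".
NATIVE_EXTS = {".mdb", ".accdb"}


def is_access_database(path):
    """Return True if the file starts with a Jet/ACE database header."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(4 + 15)
    except OSError:
        return False  # unreadable file: cannot classify, skip it
    return any(head[4:4 + len(m)] == m for m in ACCESS_MAGICS)


def audit_web_root(web_root):
    """Walk web_root; return sorted (relative_path, disguised) per Access file."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_access_database(full):
                ext = os.path.splitext(name)[1].lower()
                rel = os.path.relpath(full, web_root).replace(os.sep, "/")
                findings.append((rel, ext not in NATIVE_EXTS))
    return sorted(findings)


def build_sample_root():
    """Constructed tree: one plain .mdb, one renamed to .asp, one real ASP page."""
    root = tempfile.mkdtemp(prefix="webroot_")
    jet = b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 64  # header only
    os.makedirs(os.path.join(root, "store", "x9"))
    with open(os.path.join(root, "store", "cart.mdb"), "wb") as fh:
        fh.write(jet)
    with open(os.path.join(root, "store", "x9", "laksjdf.asp"), "wb") as fh:
        fh.write(jet)
    with open(os.path.join(root, "default.asp"), "wb") as fh:
        fh.write(b"<%@ Language=VBScript %>\r\n<html></html>")
    return root


if __name__ == "__main__":
    for rel, disguised in audit_web_root(build_sample_root()):
        print(rel, "(renamed)" if disguised else "")
```

Every path it reports is a database file sitting inside the published site; those are the files to move outside the web root or otherwise block from direct requests.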
