Professional Web Applications Themes

Database security concerns - ASP Database

I'm about to install a database driven shopping cart. I've read in cart doentation that my store is not secure if I'm using the default configuration with an Access database in the public script folder. I have asked my webmaster and they are not able to place the database in a non-public folder. How can I solve this situation without going to SQL Server? Comersus is compatible with SQL Server but then I will have to pay more for the hosting service. The doentation of the cart with security tips can be downloaded at [url]http://www.comersus.com/freeDownloads.asp[/url] Thx in advance...

  1. #1

    Default Database security concerns

    I'm about to install a database driven shopping cart. I've read in
    cart doentation that my store is not secure if I'm using the
    default configuration with an Access database in the public script
    folder. I have asked my webmaster and they are not able to place the
    database in a non-public folder. How can I solve this situation
    without going to SQL Server? Comersus is compatible with SQL Server
    but then I will have to pay more for the hosting service. The
    doentation of the cart with security tips can be downloaded at
    [url]http://www.comersus.com/freeDownloads.asp[/url]
    Thx in advance
    FrankM Guest

  2. #2

    Default Re: Database security concerns

    First thing I'd do is smack the webmaster.

    If you absolutely cannot get it outside of the site, I'd employ a number of
    methods that would make your DB ~mostly~ secure.

    1. Name it laksjdf9834hfaushdf.mdb
    2. Then rename it to laksjdf9834hfaushdf.asp
    3. Then put it in a dir like
    kajsd/akjf34/a.4k,j5./kj34q/3kj4//34kj5/q43/5kj/q45q/435j/345j4j4/5/34kj
    (ignore invalid characters - just pressed keyboard randomly)

    This isn't the ideal solution by any means, but you do what you can.

    Something else I'd do is put the webmaster's personal information in the
    database and then send him the link to download it and explain to him that
    anyone in the world can get to it. I guess what I'm trying to say is that
    you should try to the absolute limit to talk the webmaster into not being so
    foolish. Have him post here if he questions the need for keeping the mdb
    outside of the site. :]

    Ray at work

    "FrankM" <frankmalone2003> wrote in message
    news:9bf4f834.0308061022.741f74f5posting.google.c om...
    > I'm about to install a database driven shopping cart. I've read in
    > cart doentation that my store is not secure if I'm using the
    > default configuration with an Access database in the public script
    > folder. I have asked my webmaster and they are not able to place the
    > database in a non-public folder. How can I solve this situation
    > without going to SQL Server? Comersus is compatible with SQL Server
    > but then I will have to pay more for the hosting service. The
    > doentation of the cart with security tips can be downloaded at
    > [url]http://www.comersus.com/freeDownloads.asp[/url]
    > Thx in advance

    Ray at Guest

  3. #3

    Default Re: Database security concerns

    Renaming the database with an .asp extension should get the job done.
    But you also might give the database a password. And if you do use an
    .asp extension, change it back to .mdb when uploading and downloading so
    that your FTP software doesn't transfer the file as text.

    Best regards,
    J. Paul Schmidt, Freelance ASP Web Developer
    [url]http://www.Bullschmidt.com[/url]
    ASP Design Tips, ASP Web Database Demo, Free ASP Bar Chart Tool...


    *** Sent via Developersdex [url]http://www.developersdex.com[/url] ***
    Don't just participate in USENET...get rewarded for it!
    Bullschmidt Guest

  4. #4

    Default Re: Database security concerns


    "Bullschmidt" <paulbullschmidt.com-nospam> wrote in message
    news:u$uyCRMXDHA.536TK2MSFTNGP10.phx.gbl...
    > Renaming the database with an .asp extension should get the job done.
    Although much of the data will come through as straight and readable ASCII
    if someone goes to [url]http://yoursite/yourdatabase.asp[/url], unfortunately.
    > But you also might give the database a password. And if you do use an
    > asp extension, change it back to .mdb when uploading and downloading so
    > that your FTP software doesn't transfer the file as text.
    Good point Paul!

    Ray at work


    Ray at Guest

  5. #5

    Default Database security concerns

    You can still password protect your Access DB and supply
    the username and password in the connect string. For more
    help on protecting access check the Help that comes with
    it or try posting in an Access group. You should couple
    this with Ray's idea of putting it someplace that you
    can't guess.
    >-----Original Message-----
    >I'm about to install a database driven shopping cart.
    I've read in
    >cart doentation that my store is not secure if I'm
    using the
    >default configuration with an Access database in the
    public script
    >folder. I have asked my webmaster and they are not able
    to place the
    >database in a non-public folder. How can I solve this
    situation
    >without going to SQL Server? Comersus is compatible with
    SQL Server
    >but then I will have to pay more for the hosting service.
    The
    >doentation of the cart with security tips can be
    downloaded at
    >[url]http://www.comersus.com/freeDownloads.asp[/url]
    >Thx in advance
    >.
    >
    Adrian Forbes - MVP Guest

Similar Threads

  1. Database security
    By Steve in forum Coldfusion Database Access
    Replies: 18
    Last Post: September 20th, 01:13 AM
  2. Legal Concerns
    By MariaY25 in forum Macromedia Director Basics
    Replies: 7
    Last Post: April 23rd, 12:03 PM
  3. Database Security Issues
    By Jonathan Lamothe in forum PHP Development
    Replies: 14
    Last Post: December 1st, 12:26 AM
  4. Form security for database
    By Mark Renton in forum PHP Development
    Replies: 7
    Last Post: October 27th, 04:25 PM
  5. Adding ASP.NET to IIS5 security concerns
    By Dimitrie in forum ASP.NET Security
    Replies: 1
    Last Post: September 29th, 02:53 PM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139