Ask a Question related to ASP Database, Design and Development.
-
Dav. #1
IUSR_WWW and db folder ?
Hi guys,
I've always used a connection like this:
<%
' FileName="Connection_ado_conn_string.htm"
' Type="ADO"
' HTTP="true"
' Catalog=""
' Schema=""
MM_name_STRING = "DRIVER={Microsoft Access Driver
(*.mdb)};DBQ=F:/webspace/db.mdb;UID=login;PWD=password"
%>
I noticed that I use the IUSR_WWW account with full rights in the db folder,
so I asked myself: "and if I delete the UID and PWD fields ?" I deleted it
and all works correctly. SO WHY all say to enter UID and PWD ?? How can I
give this folder some SECURITY ? The IUSR user has full access, so someone
could also read and download my database.... isn't it ??
Thanks,
David.
Dav. Guest
-
Can I allow access to one file within a folder, but notthe whole folder
I want to allow access for users to edit only specific file within a folder. Can I do this Also, since I am just starting to use this on a new... -
Intercept the auto-refresh of a folder in HTML folder template
Can anyone please send me the code to intercept the auto-refresh of a web page or folder (controlled by HTML folder template), or tell me where can... -
Archiving folder containing folders (was - Using archive::tar for archiving a folder)
Thanks for the response David. When I do 'Archive::Tar->create_archive("/tmp/test.tar",0,glob("*.pl"))' it tars all the .pl files in the current... -
Remove from $name (folder)/(folder)/[x]/ <-- if exists to just get [x].
Guys and girls, I'll be quite honest. I don't have the faintest idea how to do this, while I can do other php without a problem. Once I know how to... -
Mapping networked shared folder to local folder
Hello. I am setting-up a "cad server" (basically a shared folder located, \\cad\eoi\) for my draftspeople. The problem lies within the cad... -
Aaron Bertrand - MVP #2 Re: IUSR_WWW and db folder ?
> give this folder some SECURITY ? The IUSR user has full access, so someone
Sure, if you tell them the name of the database, and what folder it's in.> could also read and download my database.... isn't it ??
If you keep this information private, they'd have to guess at it all...
which might be just as difficult as guessing your username/password to FTP
into your entire site structure (or term serv into the box itself!).
If you want to prevent the ability to download a lucky guess MDB file
location, keep your database in a non-web folder. You still have to make
sure IUSR_ has access to it, but end users won't be allowed to simply browse
to it.
If you want to prevent the ability to download the MDB file *but* keep it
accessible through FTP (and assuming you can't set up an FTP virtual
directory to your non-web folder, and maybe you can't set up a non-web
folder at all), simply give your Access database an .ASP extension. It
won't have a pretty Access icon anymore, but Access will still open it when
told, and users will not be able to download it.
A
Aaron Bertrand - MVP Guest
-
Dav. #3 Re: IUSR_WWW and db folder ?
Does I need to give full control to the IUSR_WWW user or just read and write
?
Thanks,
David.
"Aaron Bertrand - MVP" <aaron@TRASHaspfaq.com> ha scritto nel messaggio
news:euUdFuhdDHA.1728@TK2MSFTNGP09.phx.gbl...someone> > give this folder some SECURITY ? The IUSR user has full access, sobrowse>> > could also read and download my database.... isn't it ??
> Sure, if you tell them the name of the database, and what folder it's in.
> If you keep this information private, they'd have to guess at it all...
> which might be just as difficult as guessing your username/password to FTP
> into your entire site structure (or term serv into the box itself!).
>
> If you want to prevent the ability to download a lucky guess MDB file
> location, keep your database in a non-web folder. You still have to make
> sure IUSR_ has access to it, but end users won't be allowed to simplywhen> to it.
>
> If you want to prevent the ability to download the MDB file *but* keep it
> accessible through FTP (and assuming you can't set up an FTP virtual
> directory to your non-web folder, and maybe you can't set up a non-web
> folder at all), simply give your Access database an .ASP extension. It
> won't have a pretty Access icon anymore, but Access will still open it> told, and users will not be able to download it.
>
> A
>
>
Dav. Guest
-
Bob Barrows #4 Re: IUSR_WWW and db folder ?
Just read/write (Change). The permissions need to apply to the folder
containing the mdb file, not just to the file, because users of and mdb file
need to be able to create and delete the corresponding ldb file within the
same folder.
Bob Barrows
Dav. wrote:> Does I need to give full control to the IUSR_WWW user or just read
> and write ?
> Thanks,
>
> David.
> "Aaron Bertrand - MVP" <aaron@TRASHaspfaq.com> ha scritto nel
> messaggio news:euUdFuhdDHA.1728@TK2MSFTNGP09.phx.gbl...>>>>> give this folder some SECURITY ? The IUSR user has full access, so
>>> someone could also read and download my database.... isn't it ??
>> Sure, if you tell them the name of the database, and what folder
>> it's in. If you keep this information private, they'd have to guess
>> at it all... which might be just as difficult as guessing your
>> username/password to FTP into your entire site structure (or term
>> serv into the box itself!).
>>
>> If you want to prevent the ability to download a lucky guess MDB file
>> location, keep your database in a non-web folder. You still have to
>> make sure IUSR_ has access to it, but end users won't be allowed to
>> simply browse to it.
>>
>> If you want to prevent the ability to download the MDB file *but*
>> keep it accessible through FTP (and assuming you can't set up an FTP
>> virtual directory to your non-web folder, and maybe you can't set up
>> a non-web folder at all), simply give your Access database an .ASP
>> extension. It won't have a pretty Access icon anymore, but Access
>> will still open it when told, and users will not be able to download
>> it.
>>
>> A
Bob Barrows Guest
-
Jeff Cochran #5 Re: IUSR_WWW and db folder ?
On Mon, 8 Sep 2003 16:48:26 +0200, "Dav." <funnyboy@interfree.it>
wrote:
Put the database folder outside the web structure and it won't be>Hi guys,
>I've always used a connection like this:
>
><%
>' FileName="Connection_ado_conn_string.htm"
>' Type="ADO"
>' HTTP="true"
>' Catalog=""
>' Schema=""
>MM_name_STRING = "DRIVER={Microsoft Access Driver
>(*.mdb)};DBQ=F:/webspace/db.mdb;UID=login;PWD=password"
>%>
>
>I noticed that I use the IUSR_WWW account with full rights in the db folder,
>so I asked myself: "and if I delete the UID and PWD fields ?" I deleted it
>and all works correctly. SO WHY all say to enter UID and PWD ?? How can I
>give this folder some SECURITY ? The IUSR user has full access, so someone
>could also read and download my database.... isn't it ??
served by IIS on any HTTP request.
Jeff
Jeff Cochran Guest
Reply With QuoteSimilar Questions and Discussions
Posting Permissions
- You may not post new threads
- You may post replies
- You may not post attachments
- You may not edit your posts
