MSMVPS.COM
The Ultimate Destination for Blogs by Current and Former Microsoft Most Valuable Professionals.

Use absolute path instead of relative path to increase the security of access database in asp website

When I develop my website with ASP, I find the following problem:

My database is in root\database, and my conn.asp (which defines the connection string) is in root\includes.

Because the files that need to access the database are located in the root, the connection string looks like this:

"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=./database/database.mdb;"

When you browse the files located in the root directory, it works well, but if someone types this into the address bar of the browser:

http://myserver/includes/conn.asp

it will raise an error:

can't find file "x:\somedirectory\myserver\includes\database\database.mdb"

....

A hacker will find out that my database is named database.mdb and that it is located in x:\somedirectory\myserver\database,

so after he or she downloads my database to a local hard disk, my private data will be exposed.

According to some articles, we can insert "On Error Resume Next" to skip this error, but I find there is a better way to resolve this problem.

We can build the path string with Request.ServerVariables("APPL_PHYSICAL_PATH"), which returns the physical path of the application root no matter which page is requested, instead of Server.MapPath.

After this change, we can include conn.asp in any page regardless of its location.
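A conn.asp built this way might look like the following. This is an added example, not code from the original post: the folder layout and database name come from the post, while the function names `BuildConnString` and `OpenDb`, the generic error response, and the assumption that the IIS application root is the site root are illustrative.

```asp
<%
' includes/conn.asp -- added example, not the original author's code.
' Layout from the post: conn.asp in root\includes, database in root\database.
' Include it from any page with: <!--#include virtual="/includes/conn.asp"-->
'
' Before (from the post): Data Source=./database/database.mdb
' The relative path is resolved against the folder of the requested page, so a
' direct request for /includes/conn.asp looks in root\includes\database\ and
' the resulting error message discloses the physical path.

' Hypothetical helper: anchor the path to the application root instead.
Function BuildConnString()
    Dim appRoot
    ' Physical path of the IIS application root, independent of the page
    ' being requested. Assumption: the application root is the site root.
    appRoot = Request.ServerVariables("APPL_PHYSICAL_PATH")
    If Right(appRoot, 1) <> "\" Then appRoot = appRoot & "\"
    BuildConnString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & _
                      appRoot & "database\database.mdb;"
End Function

' Hypothetical helper: open the connection and, on failure, answer with a
' generic message so the provider's error text (which contains the full
' path) never reaches the browser.
Function OpenDb()
    Dim conn
    Set conn = Server.CreateObject("ADODB.Connection")
    On Error Resume Next
    conn.Open BuildConnString()
    If Err.Number <> 0 Then
        Err.Clear
        On Error GoTo 0
        Response.Status = "500 Internal Server Error"
        Response.Write "Database unavailable."
        Response.End
    End If
    On Error GoTo 0
    Set OpenDb = conn
End Function
%>
```

Because the file only defines functions, a direct request for /includes/conn.asp opens nothing and returns an empty page.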



 


Posted May 11 2004, 02:52 PM by ch21st

Comments

ch21st wrote re: Use absolute path instead of relative path to increase the security of access database in asp website
on 09-02-2004 5:38
If possible, please your connection script and database ABOVE the www (public) folder; not deeper than it.

If that's not an option, then ask your hosting company to change the permissions of the connection script folder, as well as the database folder, so that it can ONLY be read by the server / your scripts; not the web browser.

That should do it!
ch21st wrote re: Use absolute path instead of relative path to increase the security of access database in asp website
on 09-02-2004 5:39
Oops - spelling error! Here's my reply again:

If possible, place your connection script folder and database folder ABOVE the www (public) folder; not deeper than it.

If that's not possible, then ask your hosting company to change the permissions of the connection script folder, as well as the database folder, so that they can ONLY be read by the server (your scripts); not the web browser.

That should do it!
TrackBack wrote re:Use absolute path instead of relative path to increase the security of access database in asp website
on 04-15-2005 13:39
^_^,Pretty Good!
