Access database safety on Host Server

[marc]

Go to
https://services.office.microsoft.com/en-us/frontpage/HA011429951033.aspx?pid=CL100570711033
.. notice it says: “When you configure your form results to be saved to a
file, it is best to use the FrontPage default folder, _private. This folder
is a hidden folder that site visitors cannot open.†I don’t understand ,
FrontPage places my fpdb folder (with .mdb Access database) outside of the
_private folder. As it said above, site visitors, especially hackers, will be
able to open that. Of course if you put the ftdp folder in _private, you
can’t find it with ftp client, or ftp:####/_private/ So if I understand
it correctly, FrontPage has no easy solution for keeping sent info to the
Access database, it created, save.

 

[Paul M]

Hi
The article refares to the way you can save form results to a csv file and
it is as microsoft say best to save them in the _private folder. Databases
are best saved in the fpdb folder which is a hidden folder like the _private
folder which frontpage creates to save databases to and is protected from
download by the windows server permissions by anyone browsing the web

Paul M

 

[Mike Mueller]

Besides placing them in a _hidden folder, you can place a password on an
Access DB and better yet you can use an encryption algorithm so that if they
got the DB and they cracked the PW, they would still need to decrypt the
contents

 

[Mark Fitzpatrick]

Actually Paul, in most cases this is incorrect because, by default, the
Access database has IUSR read permissions which means the database is
accessable and downloadable by anyone who authenticates with the IUSR
account (which is any anonymous web browser).

 

[Mark Fitzpatrick]

It's not that FP has no easy solution, it's just the nature of the web, web
servers, and most web hosts. Keeping a database inside your web site is the
worste security solution. Anyone who has access to the web may have access
to the Access database. For most web hosts, your account root is the same as
your web site root. Some though, have a slightly different folder structure.
These hosts provide more facilities for you and when you FTP to your
account, you may find that there are several folders such as , logfiles,
www, data, etc.. In essence, you FTP one level up from your website. This
lets hosts make your logfiles easy to download. It also may give you the
ability to place your database outside of your web. You would then need to
create an ODBC connection, usually done in your hosts control panel, to talk
to the database. Then use this ODBC connection as the source of your data.
This blocks normal web users from simply downloading your database since it
is no longer technically within the web site.

Hope this helps,
Mark Fitzpatrick

 

[Paul M]

Thanks Mark
I have three directories in my ftp

htdocs where my website files are
logfiles
private

Should the access database be in the private folder one level up from
htdocs?

 

[Stefan B Rusynko]

Usually the private directory does not have the correct permissions
- Ask your host to create a database folder at the level with the correct permissions
(most hosts have a CP that will create that folder for DB's and at the same time create a DSN for the DB)

--

_____________________________________________
SBR @ ENJOY (-: [ Microsoft MVP - FrontPage ]
"Warning - Using the F1 Key will not break anything!" (-;
_____________________________________________


| Thanks Mark
| I have three directories in my ftp
|
| htdocs where my website files are
| logfiles
| private
|
| Should the access database be in the private folder one level up from
| htdocs?
|
| | > It's not that FP has no easy solution, it's just the nature of the web,
| > web servers, and most web hosts. Keeping a database inside your web site
| > is the worste security solution. Anyone who has access to the web may have
| > access to the Access database. For most web hosts, your account root is
| > the same as your web site root. Some though, have a slightly different
| > folder structure. These hosts provide more facilities for you and when you
| > FTP to your account, you may find that there are several folders such as ,
| > logfiles, www, data, etc.. In essence, you FTP one level up from your
| > website. This lets hosts make your logfiles easy to download. It also may
| > give you the ability to place your database outside of your web. You would
| > then need to create an ODBC connection, usually done in your hosts control
| > panel, to talk to the database. Then use this ODBC connection as the
| > source of your data. This blocks normal web users from simply downloading
| > your database since it is no longer technically within the web site.
| >
| > Hope this helps,
| > Mark Fitzpatrick
| >
| > | >> Go to
| >> https://services.office.microsoft.com/en-us/frontpage/HA011429951033.aspx?pid=CL100570711033
| >> . notice it says: "When you configure your form results to be saved to a
| >> file, it is best to use the FrontPage default folder, _private. This
| >> folder
| >> is a hidden folder that site visitors cannot open." I don't understand ,
| >> FrontPage places my fpdb folder (with .mdb Access database) outside of
| >> the
| >> _private folder. As it said above, site visitors, especially hackers,
| >> will be
| >> able to open that. Of course if you put the ftdp folder in _private, you
| >> can't find it with ftp client, or ftp:####/_private/ So if I
| >> understand
| >> it correctly, FrontPage has no easy solution for keeping sent info to the
| >> Access database, it created, save.
| >
|
|

 

[Paul M]

Thanks
I have set up an accss database conection using the control pannel and
placed my database in the private folder ( the one that is grouped with the
htdocs, logfiles, private)
the database conection string it sayaI use is
www.paulmilner.co.uk\private\artwork.mdb
the database conection I use is
MM_conngcocmembers_STRING = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source="
& Server.MapPath("www.paulmilner.co.uk\private\artwork.mdb")

How do I creat a DSN odbc conection for this database?

Is the Private folder the correct folder for access databases and does it
have the correct permissions?
Thankyou
Paul M


Account no. n135120
Support PIN 4635

Usually the private directory does not have the correct permissions
- Ask your host to create a database folder at the level with the correct
permissions
(most hosts have a CP that will create that folder for DB's and at the
same time create a DSN for the DB)

--

_____________________________________________
SBR @ ENJOY (-: [ Microsoft MVP - FrontPage ]
"Warning - Using the F1 Key will not break anything!" (-;
_____________________________________________


| Thanks Mark
| I have three directories in my ftp
|
| htdocs where my website files are
| logfiles
| private
|
| Should the access database be in the private folder one level up from
| htdocs?
|
| | > It's not that FP has no easy solution, it's just the nature of the
web,
| > web servers, and most web hosts. Keeping a database inside your web
site
| > is the worste security solution. Anyone who has access to the web may
have
| > access to the Access database. For most web hosts, your account root
is
| > the same as your web site root. Some though, have a slightly different
| > folder structure. These hosts provide more facilities for you and when
you
| > FTP to your account, you may find that there are several folders such
as ,
| > logfiles, www, data, etc.. In essence, you FTP one level up from your
| > website. This lets hosts make your logfiles easy to download. It also
may
| > give you the ability to place your database outside of your web. You
would
| > then need to create an ODBC connection, usually done in your hosts
control
| > panel, to talk to the database. Then use this ODBC connection as the
| > source of your data. This blocks normal web users from simply
downloading
| > your database since it is no longer technically within the web site.
| >
| > Hope this helps,
| > Mark Fitzpatrick
| >
| > | >> Go to
| >>
https://services.office.microsoft.com/en-us/frontpage/HA011429951033.aspx?pid=CL100570711033
| >> . notice it says: "When you configure your form results to be saved
to a
| >> file, it is best to use the FrontPage default folder, _private. This
| >> folder
| >> is a hidden folder that site visitors cannot open." I don't
understand ,
| >> FrontPage places my fpdb folder (with .mdb Access database) outside
of
| >> the
| >> _private folder. As it said above, site visitors, especially hackers,
| >> will be
| >> able to open that. Of course if you put the ftdp folder in _private,
you
| >> can't find it with ftp client, or ftp:####/_private/ So if I
| >> understand
| >> it correctly, FrontPage has no easy solution for keeping sent info to
the
| >> Access database, it created, save.
| >
|
|

 

[Paul M]

Hi Can someone please remove my last post thankyou
PaulM

Thanks
I have set up an accss database conection using the control pannel and
placed my database in the private folder ( the one that is grouped with
the htdocs, logfiles, private)
the database conection string it sayaI use is
www.paulmilner.co.uk\private\artwork.mdb
the database conection I use is
MM_conngcocmembers_STRING = "Provider=Microsoft.Jet.OLEDB.4.0;Data
Source=" & Server.MapPath("www.paulmilner.co.uk\private\artwork.mdb")

How do I creat a DSN odbc conection for this database?

Is the Private folder the correct folder for access databases and does it
have the correct permissions?
Thankyou
Paul M


Account no. n135120
Support PIN 4635

Usually the private directory does not have the correct permissions
- Ask your host to create a database folder at the level with the correct
permissions
(most hosts have a CP that will create that folder for DB's and at the
same time create a DSN for the DB)

--

_____________________________________________
SBR @ ENJOY (-: [ Microsoft MVP - FrontPage ]
"Warning - Using the F1 Key will not break anything!" (-;
_____________________________________________


| Thanks Mark
| I have three directories in my ftp
|
| htdocs where my website files are
| logfiles
| private
|
| Should the access database be in the private folder one level up from
| htdocs?
|
| | > It's not that FP has no easy solution, it's just the nature of the
web,
| > web servers, and most web hosts. Keeping a database inside your web
site
| > is the worste security solution. Anyone who has access to the web may
have
| > access to the Access database. For most web hosts, your account root
is
| > the same as your web site root. Some though, have a slightly
different
| > folder structure. These hosts provide more facilities for you and
when you
| > FTP to your account, you may find that there are several folders such
as ,
| > logfiles, www, data, etc.. In essence, you FTP one level up from your
| > website. This lets hosts make your logfiles easy to download. It also
may
| > give you the ability to place your database outside of your web. You
would
| > then need to create an ODBC connection, usually done in your hosts
control
| > panel, to talk to the database. Then use this ODBC connection as the
| > source of your data. This blocks normal web users from simply
downloading
| > your database since it is no longer technically within the web site.
| >
| > Hope this helps,
| > Mark Fitzpatrick
| >
| > | >> Go to
| >>
https://services.office.microsoft.com/en-us/frontpage/HA011429951033.aspx?pid=CL100570711033
| >> . notice it says: "When you configure your form results to be saved
to a
| >> file, it is best to use the FrontPage default folder, _private. This
| >> folder
| >> is a hidden folder that site visitors cannot open." I don't
understand ,
| >> FrontPage places my fpdb folder (with .mdb Access database) outside
of
| >> the
| >> _private folder. As it said above, site visitors, especially
hackers,
| >> will be
| >> able to open that. Of course if you put the ftdp folder in _private,
you
| >> can't find it with ftp client, or ftp:####/_private/ So if I
| >> understand
| >> it correctly, FrontPage has no easy solution for keeping sent info
to the
| >> Access database, it created, save.
| >
|
|