Where should I put my Access Database for more secure?

Discussion in 'Site Programming, Development and Design' started by Eric Wang, Jul 22, 2014.

  1. Hi, Everyone
    I'm new user of Winhost, before I was with other host company, for security reason, they have a database directory out side of web root, in Winhost, Where should I put my Access Database for more secure?

    The 2nd question, I have a page which will ask user to upload some pdf, jpg files, for the files where it upload into, do I need change the folder permission? how to change it?


    Last edited by a moderator: Oct 14, 2015
  2. Elshadriel

    Elshadriel Winhost Staff

    Hi Eric,

    1) You can put it in an /App_Data or /_database folder to secure it.

    2) You don't need to set permissions. Your application has full read/write rights to your hosting space.
    ComputerMan and patrickcasey like this.
  3. Hi, Elshadriel
    Thank you for your quickly reply, just want to be sure, you mean I can create a folder, name it as "_database",
    then save the Access database under this folder, this way the site visitor will not able to
    download it through the browser, am I correct?
    And I'm using the Classic ASP, is that matter?


  4. Elshadriel

    Elshadriel Winhost Staff

    Hi Eric,

    Yes, that is exactly correct. Those folders have special meaning to IIS and are protected by Request Filtering. And it doesn't matter if you're using Classic ASP, PHP, or ASP.NET.
    Michael likes this.
  5. Thank you, Elshadriel
    That's exactly what I want,

    Thank you again

    Elshadriel likes this.
  6. Ray


    Actually as of IIS 7 and the RequestFiltering module, Access databases which should have the extension of .mdb are already protected by the system from the client/browser. So it doesn't really matter where you place your Access database file, the client/browser shouldn't be able to directly call and download that file.
  7. Thanks for these pointers! I have similar, but different needs, so I wondered whether there are more folder names that are already considered protected by IIS?

    Are files in subfolders, e.g. _App_Data\TheseFiles\MoreFiles, also protected?

    For example, are folder names that are preceded by the underscore, e.g. _FilesInHere, automatically protected, or is it only for the two named above?
  8. Elshadriel

    Elshadriel Winhost Staff

    There are 4 folders protected:


    And yes, everything under those folders are protected including sub-folders.
    Michael likes this.

Share This Page