Where should I put my Access Database for more secure?

Hi, Everyone
I'm new user of Winhost, before I was with other host company, for security reason, they have a database directory out side of web root, in Winhost, Where should I put my Access Database for more secure?

The 2nd question, I have a page which will ask user to upload some pdf, jpg files, for the files where it upload into, do I need change the folder permission? how to change it?

Thanks

Eric

 

Hi, Elshadriel
Thank you for your quickly reply, just want to be sure, you mean I can create a folder, name it as "_database",
then save the Access database under this folder, this way the site visitor will not able to
download it through the browser, am I correct?
And I'm using the Classic ASP, is that matter?

Thanks

Eric

 

Thank you, Elshadriel
That's exactly what I want,

Thank you again

Eric

 

Actually as of IIS 7 and the RequestFiltering module, Access databases which should have the extension of .mdb are already protected by the system from the client/browser. So it doesn't really matter where you place your Access database file, the client/browser shouldn't be able to directly call and download that file.

 

Thanks for these pointers! I have similar, but different needs, so I wondered whether there are more folder names that are already considered protected by IIS?

Are files in subfolders, e.g. _App_Data\TheseFiles\MoreFiles, also protected?

For example, are folder names that are preceded by the underscore, e.g. _FilesInHere, automatically protected, or is it only for the two named above?