Hi, Everyone I'm new user of Winhost, before I was with other host company, for security reason, they have a database directory out side of web root, in Winhost, Where should I put my Access Database for more secure? The 2nd question, I have a page which will ask user to upload some pdf, jpg files, for the files where it upload into, do I need change the folder permission? how to change it? Thanks Eric
Hi Eric, 1) You can put it in an /App_Data or /_database folder to secure it. 2) You don't need to set permissions. Your application has full read/write rights to your hosting space.
Hi, Elshadriel Thank you for your quickly reply, just want to be sure, you mean I can create a folder, name it as "_database", then save the Access database under this folder, this way the site visitor will not able to download it through the browser, am I correct? And I'm using the Classic ASP, is that matter? Thanks Eric
Hi Eric, Yes, that is exactly correct. Those folders have special meaning to IIS and are protected by Request Filtering. And it doesn't matter if you're using Classic ASP, PHP, or ASP.NET.
Actually as of IIS 7 and the RequestFiltering module, Access databases which should have the extension of .mdb are already protected by the system from the client/browser. So it doesn't really matter where you place your Access database file, the client/browser shouldn't be able to directly call and download that file.
Thanks for these pointers! I have similar, but different needs, so I wondered whether there are more folder names that are already considered protected by IIS? Are files in subfolders, e.g. _App_Data\TheseFiles\MoreFiles, also protected? For example, are folder names that are preceded by the underscore, e.g. _FilesInHere, automatically protected, or is it only for the two named above?
There are 4 folders protected: /App_Code /App_Data /Bin /_database And yes, everything under those folders are protected including sub-folders.