I assume you are talking about a file-based database, such as Microsoft
Access.

Your options:
a) store the .mdb file outside the webroot. Users can not download the file
using HTTP because the file is outside the website.

b) store the .mdb file inside the webroot, but use the IIS MMC Snapin to
remove "read", "script" and "execute" permissions from that folder. This
means that HTTP GET requests will not be served from that folder. Usually a
hosting company will provide you with a special folder (eg /fpdb or similar)
which you can use to put your .mdb files inside

Cheers
Ken

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
From: "Jeremy Simpson" <jsimpson34@e...>
Subject: [security_asp] Secure the Database


: How can you make your database secure when using ASP? Is it true that if
: you know the path to a web sites DB you can download it?
:
: I've also head some talk about putting your DB outside the virtual folder.
: Will that keep users from gaining access?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~