I am not sure if this subject was discussed before but I need some advise 
to secure the database (especially .mdb files). First of all it is 
possible to type the full path (if it is known) of the database and 
receive the file. A friend of mine suggested that I remove the read acess 
of the database from the IIS. This seems to work but I am not sure up to 
what extend this can be thought as secure. Also to be able to update the 
database, we need to give write access to the mdb file which makes me 
anxious too. What if someone is able to upload his own .asp file to modify 
the database (a case, recently happened to a friend)? Using passwords for 
opening databases and using DNS seem to be something nice practises as 
using DNS gives you the ability to move the database to a folder outside 
the  Web site. But I prefer OLEDB (so this is not an option for me). I 
would be glad to see some URL on this subject, if exists.

                              Thanks

                              Adil Hindistan, CE-93
                              www.scorion.net
                              ICQ:26477783



---
http://www.asptoday.com - the leading site for timely,
in-depth information for ASP developers everywhere.
---
You are currently subscribed to security_databases as: $subst('Recip.EmailAddr')
To unsubscribe send a blank email to leave-security_databases-$subst('Recip.MemberIDChar')@p2p.wrox.com