|
Posted by Duane Laflotte on September 6, 2005, 9:30 am
If you were Registered and logged in, you could reply and use other advanced thread options
Ajang,
I would say that the best way to protect it is to not put it in the
virtual root. I hack web servers for a living (White Hat). So I can tell
you that most of the time even remapping the extension to something like 404
isnt going to hold a hacker out for long. I would say your best bet is to
move it to another directory not under the web roots. Then have your ODBC
or DB connections point to that directory for the database. This way there
is no way for the outside users to get the DB by URL but your app still has
access to it. Also keep in mind that the user the website runs under will
need access to that directory as well.
Just my suggestion,
Duane
--
Duane Laflotte
MCSE, MCSD, MCDBA, MCSA, MCT, MCP+I
dlaflotte@criticalsites.com
http://www.cyberspacesamurai.com
> In windows 2000, we can map file extention ".mdb" to 404.dll to protect
> microscodt access databases from direct access by client.
>
> In Windows 2003 server, the above method do not work. In fact we can't
> install 404.dll.
> In Machine.Config, we add
> <add verb="*" path="*.mdb" type="System.Web.HttpForbiddenHandler" />
> in <httpHandler> section,it still do not work.
>
> Can some one tell me how to protect *.mdb file ?
>
> Thanks
>
>
>
>
>
>
| 
XML site map