Protecting databases

[joe_pool_is]

I have a website with a database. All connections to my database go through a secure connection, however, if someone were to know the name and address of my database file, they could easily download it.

Ex: http://www.my-website/aspnet-client/database1.db
Anyone who knew this Internet address could download the database.

How can I make it so that someone would have to enter a "username/password" combination to access it? Or is there another, more conventional method of doing this?

Regards,
Joe

 

[wayneph]

I protect my databases by not putting them in the web share. If I'm using Access I'll set up my application structure like this.

/ApplicationName
    /Databases
    /www

Then I will set up the www folder as the root of my web share. Then you can give the IUSER necessary permission to use the database, with out worring about someone downloading it.

 

[joe_pool_is]

Interesting technique. I want to give that a try.

Do I need to do anything special in VB.NET to access it from there? Since my apps are already running in the www.my-website.com/aspnet-client directory, would the path be:
strPath = "../../Databases/"
and file be
strFile = strPath & strDatabase
?

 

[Derek Stone]

Your best bet is to store the connection string with a full path (not relative path) to the database in the application's configuration file (web.config).

 

[joe_pool_is]

Your best bet is to store the connection string with a full path (not relative path) to the database in the application's configuration file (web.config).

Derek,
I am posting my files to an ISP using the "Copy Project" feature of Visual Studio .NET. How do I get the full path? I don't even know what that would be.

Thanks for helping!