| Author |
 Topic  |
|
Alfred
Senior Member
USA
1527 Posts |
 Posted - 12 March 2003 : 20:30:34
|
I signed up with a new web host, where there is no special db folder.
When I asked support, they replied:
quote:
They cab be placed anywhere. If you need a fodler that is non-wbaccessable then you can create the folder and send us the name of the folder and we can make it secure
Does that mean the path for my config.asp file does not have to point to the server?
|
Alfred
The Battle Group
CREDO
|
|
|
weeweeslap
Senior Member
USA
1077 Posts |
Posted - 12 March 2003 : 20:37:49
|
| it does have to point to the serve, or else how will it connect to the db? If no no dl folder is available then make the db name super hard something scribble like jkHGHTY5454GHsvm98&&^769d?n9u76.mdb or whatever to make it seemingly impossible to guess the db name and saver it in another folder other than the forum folder imo. |
coaster crazy |
 |
|
|
Alfred
Senior Member
USA
1527 Posts |
Posted - 12 March 2003 : 21:08:03
|
They did say:quote:
They cab be placed anywhere. If you need a fodler that is non-wbaccessable then you can create the folder and send us the name of the folder and we can make it secure
But I wondered whether the path just has to be to the folder I place it in, or to a separate server unit, as it was on my other host(in red):quote:
strConnString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=\\premfs3\sites\premium8\my_name\database\my_file_name.mdb"
|
Alfred
The Battle Group
CREDO
|
|
|
|
spyordie007
Junior Member
USA
408 Posts |
Posted - 12 March 2003 : 21:10:54
|
the spell reelly good 
-Spyyy |
Power - The only narcotic controlled by the SEC, not the FDA.
Prosperity without pollution! The American Hydrogen Association - http://www.ahanw.org
Questions about Hydrogen? Post them on our forum - http://www.ahanw.org/forum |
|
|
|
Alfred
Senior Member
USA
1527 Posts |
Posted - 12 March 2003 : 21:35:24
|
Well, that part I am used to by now - dealing with semiliterals on the net.
As long as I can guess the substance of what they are trying to say, which I am not sure about in this case.
This is the latest tech response I got:quote:
Hello,
The path up to your site is e:\ggholiday.com\ggholiday.com
You will then need to complete the pat up to your database.
With their spelling I am not sure now how accurate that info is...
Would you think the string should look like this:quote:
strConnString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=e:\ggholiday.com\ggholiday.com\and_whatever_folder
|
Alfred
The Battle Group
CREDO
|
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 12 March 2003 : 22:07:51
|
What is the web folder there? Likely it's the second one, so I guess you could make it like:
e:\ggholiday.com\database and it wouldn't be reached from the web... but only if the root web folder is e:\ggholiday.com\ggholiday.com |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
|
Alfred
Senior Member
USA
1527 Posts |
Posted - 12 March 2003 : 22:20:04
|
That's the problem - I am not sure whether the info I got is exact, or a typo.
When I access the site via my ftp client, it only shows ggholiday.com as root folder.
If it is as you say, this being the second level folder, and I add ../database - why would they offer to "make it secure" when that is already secure? |
Alfred
The Battle Group
CREDO
|
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 12 March 2003 : 22:26:11
|
| So just create a database folder at the same level of the existing ggholiday.com folder. I think it should be secure, but you can then check whether it is secure or not, by placing a database file inside and trying to download it. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
|
Alfred
Senior Member
USA
1527 Posts |
Posted - 12 March 2003 : 23:21:14
|
I actually placed the folder below my root folder, and disabled the write option for the folder.
I am quite impressed so far - tech support may not spell or type flawlessly, which can happen when you are under time pressure - but they satisfactorily answered three of my mails in the last two hours. 
quote:
The path is correct below. Here is a temporary URL: http://ggholiday.sectorlink.org/ to view your site before you transfer the name server information.
|
Alfred
The Battle Group
CREDO
|
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
|
|
Gremlin
General Help Moderator
New Zealand
7528 Posts |
Posted - 13 March 2003 : 06:35:36
|
| We have write permissions enabled on all folders by default as well, when I setup forums for people I create a directory above the webroot for them exactly how Ruirib suggested. |
Kiwihosting.Net - The Forum Hosting Specialists
|
|
|
|
Alfred
Senior Member
USA
1527 Posts |
Posted - 13 March 2003 : 09:15:34
|
I shifted the db folder up now, so it is on the same level as the root folder.
That should be safe, right?
Re "read" or "write" enabling - I don't mind if someone reads it, as long as nobody can screw it up by editing the db!
BTW, is there any harm in disabling both, read and write for the public?
Or does that inhibit any ASP interaction? |
Alfred
The Battle Group
CREDO
|
Edited by - Alfred on 13 March 2003 09:18:54 |
|
|
|
ruirib
Snitz Forums Admin
Portugal
26364 Posts |
Posted - 13 March 2003 : 11:27:27
|
quote:
Originally posted by Alfred
I shifted the db folder up now, so it is on the same level as the root folder.
That should be safe, right?
Yes.
quote:
Re "read" or "write" enabling - I don't mind if someone reads it, as long as nobody can screw it up by editing the db!
BTW, is there any harm in disabling both, read and write for the public?
Or does that inhibit any ASP interaction?
Now, from the IIS point of view, no reading or writing is required, since the DB won't be directly accessed from the Web. Now the DB and folder only need read and write permissions, but you need to set them in the file system, with Windows Explorer, not with IIS Manager. |
Snitz 3.4 Readme | Like the support? Support Snitz too |
|
|
|
Alfred
Senior Member
USA
1527 Posts |
Posted - 13 March 2003 : 11:40:18
|
quote:
Now, from the IIS point of view, no reading or writing is required, since the DB won't be directly accessed from the Web.
So I understand that calling up the db from an ASP page isn't "access from the web", right?
I am a little confused over this here:quote:
Now the DB and folder only need read and write permissions, but you need to set them in the file system, with Windows Explorer, not with IIS Manager.
I was talking about the CHMOD File Attributes in my FTP client.
What happens when one disables the public read and write in there? |
Alfred
The Battle Group
CREDO
|
|
|
|
Roland
Advanced Member
Netherlands
9335 Posts |
Posted - 13 March 2003 : 12:07:03
|
| you can't CHMOD anything on a Windows server, so unless you've gotten yourself a UNIX host, you're trying to change settings that won't take effect. |
|
|
|
Alfred
Senior Member
USA
1527 Posts |
Posted - 13 March 2003 : 12:43:49
|
Roland, that explains why CHMOD always reverts back to "enabled" for both options!
And also why the tech people offered "to make the folder safe" as soon as I give them the location.
This is probably what they do then - disable the CHMOD public options.
If I understand it right placing my db on the same level as my root folder should basically make it inaccessible for others.
The safety move the tech people offer would then be simply additional precaution against hacking? |
Alfred
The Battle Group
CREDO
|
|
|
|
Topic |
|
Topic Locked
