| Author |
 Topic  |
|
|
dansharpe
Starting Member
1 Posts |
 Posted - 30 July 2007 : 09:54:08
|
Hi
When i go to the admin options on my forum, it tells me that the location of my database is insecure, and to move it to a secure URL location. Does anyone know what an example of a secure URL location would be?
Thanks |
|
|
JJenson
Advanced Member
USA
2121 Posts |
Posted - 30 July 2007 : 10:23:53
|
| My guess is that you have your mdb file in the same directory as your forum is. It is much safer to make a folder in that directory and put your .mdb file in there. I believe that is what the message is telling you. |
 |
|
|
pdrg
Support Moderator
United Kingdom
2897 Posts |
Posted - 30 July 2007 : 13:50:31
|
| Interesting - Jeff is probably right, and your host will probably be able to provide you with a secure db folder/location (often a folder with restricted prioveleges called /db or somesuch) - ask your host what their suggestion is, this is everyday bread-and-butter work to them :-) |
|
|
|
Shaggy
Support Moderator
Ireland
6780 Posts |
Posted - 31 July 2007 : 04:15:08
|
Even without your host providing a secure directory for your database, there are a few steps you can take to ensure people won't be able to access it.
1) Create your own directory for it, doesn't matter whether it's within your forum directory or not, and give that directory a name made up of random characters.
2) Change the name of your database so that it is also made up of a sequence of random characters, preferably not the same as above.
3) Change the file extension of your database from .mdb to .asp.
Obviously, any changes you make will need to be reflected in your connection string in config.asp and you'll have to change the extension back to .mdb if you need to open the database offline.
|
 Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.” |
|
|
|
gary b
Junior Member
USA
267 Posts |
Posted - 05 August 2007 : 22:25:33
|
quote:
Originally posted by Shaggy
Change the file extension of your database from .mdb to .asp.
Obviously, since you stated this, you must know it is true. Never thought about doing that.
Is the reason you can change the extension because you are not 'opening' the file (program associated with the extension runs, loads file) but connecting to it? The SQL works because it doesn't know or care what the extension is??
Neat! Thanks for the tip!
|
|
|
|
pdrg
Support Moderator
United Kingdom
2897 Posts |
Posted - 06 August 2007 : 12:14:42
|
| Jet will attempt to open the file and as long as it can, it should be fine, regardless of extension. Similarly, if you want to open the db in Access again, either rename the extension back to .mdb, or open the file from within Access itself (file|open|all files|...) as opposed to double-clicking on it |
|
|
| |
Topic |
|
Topic Locked
