Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 Help Groups for Snitz Forums 2000 Users
 Help: General / Classic ASP versions(v3.4.XX)
 Changing permissions in the ASP files		  New Topic  Topic Locked
 Printer Friendly
Previous Page
Author Previous Topic Topic Next Topic
Page: of 2

ruirib
Snitz Forums Admin

Portugal
26364 Posts
Posted - 15 July 2009 :  17:40:50  Show Profile  Send ruirib a Yahoo! Message
quote:
Originally posted by KC

I think your DB name is fine, and you don't need to MOVE your DB there, just COPY it and try it out.
Trial and error with a copy, if it works you are good to go ;-}

Just make sure your host has DB turned on is all.
Many don't default to it.

KC, did you even bother to read the posts? The problem with the name is that it is known by the rogue admin, so if the folder where the DB is located is public, the file name SHOULD BE CHANGED. So please make sure the advice you give won't cause problem to the users!

Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

Shaggy
Support Moderator

Ireland
6780 Posts
Posted - 16 July 2009 :  04:20:12  Show Profile
If your host doesn't allow you to place the database in a directory above the root directory, as well as changing the name, you should also consider changing the extension from *.mdb to *.asp. This way, even if somebody does manage to guess the name and location of your database, they won't be able to download it as your server will try to serve it up as an ASP page.
Search is your friend
“I was having a mildly paranoid day, mostly due to the
fact that the mad priest lady from over the river had
taken to nailing weasels to my front door again.”
Go to Top of Page

itsameitsameolord
Starting Member

USA
12 Posts
Posted - 24 July 2009 :  20:02:02  Show Profile
Thanks I'll give it a go and see if I screw it up.
":<)
Go to Top of Page

itsameitsameolord
Starting Member

USA
12 Posts
Posted - 24 July 2009 :  20:59:26  Show Profile
Done deal. and the site still works.

will wonders never cease.

===============

Now THIS will keep somebody from downloading the file by FTP
because they do not know the actual file name, is that right?

===================
":<)
Go to Top of Page

ruirib
Snitz Forums Admin

Portugal
26364 Posts
Posted - 24 July 2009 :  21:53:52  Show Profile  Send ruirib a Yahoo! Message
Not By FTP, by HTTP. With FTP, they can browse folders and check what files are there, and would be easy to guess the file to download... or they can just check config.asp.

You need to stop FTP access to anyone who shouldn't have it. The rogue admin can restore his own access through that, if you are suspicious he retains FTP access.

Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page
Page: of 2 Previous Topic Topic Next Topic  
Previous Page
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.64 seconds. Powered By: Snitz Forums 2000 Version 3.4.07