| 5:07 pm on Oct 27, 2003 (gmt 0)|
What do you see when you do a Server.MapPath on a file in your host's web space?
| 6:04 pm on Oct 27, 2003 (gmt 0)|
This works fine for me -
From the root:
From a subfolder
| 9:31 am on Oct 28, 2003 (gmt 0)|
That means anyone can download your entire database! Putting your database on a public part of your web server is not a wise thing!
| 10:40 am on Oct 28, 2003 (gmt 0)|
punta you have lost my a little here aspdaddy is right on the mark, what makes you think that
Server.MapPath("<foldername>/database.mdb") would be a public folder,
Server.MapPath, a SSI function that takes 1 argument, a virtual path, and returns the corresponding physical path, where is the problem in that it all server side.
| 10:49 am on Oct 28, 2003 (gmt 0)|
In order for MapPath to work, the file must be below the webroot. In most circumstances this would make the file publically accessable.
You need to put the DB file above the webroot and access it directly. You can use mappath to find out the physical structure of your server and then create a correct path for the database from that, but you can't do it directly unless the DB is below the webroot.
| 10:51 am on Oct 28, 2003 (gmt 0)|
The usual way is to just secure <foldername> by setting permissions on it.
Most hosting accounts would not allow files o be stored above the web root for security reasons.
| 11:02 am on Oct 28, 2003 (gmt 0)|
I've never had a problem having folders above the webroot with any company. Are you using cheap hosts?
What are the security issues with this?
| 4:13 pm on Oct 28, 2003 (gmt 0)|
Punta, I'v been hosting sites on NT4/Win2k for over 4 years, cheap hosts, expensive hosts, reseller accounts and they have all provided secure folders for storing data sources (Access/Excel/CSV), or a control panel so you can set this permission yourself.
The security issue is that you are allowing your customers to upload files outside of thier account area.
Maybe your own server or co-located is a different issue as there is only one account, but with shared hosting AFAIK this is the norm.
| 4:20 pm on Oct 28, 2003 (gmt 0)|
|The security issue is that you are allowing your customers to upload files outside of thier account area. |
Not at all. Why should your account area have to start at the same point as the web root?
I'm not talking about giving full access to the server, just a directory above the web root.