homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / WebmasterWorld / New To Web Development
Forum Library, Charter, Moderators: brotherhood of lan & mack

New To Web Development Forum

Connecting ASP website to a database online
How to connect to a DB @ http://whatever.com/DB/*.mdb

 12:04 pm on Oct 27, 2003 (gmt 0)

I have a Access database, an ASP website that connects to it fine on my home PC but what about when I upload the site and DB to my host?
my connection string links to C:\ASP\*.mdb
I've tried doing changing the string so it points here. [hostaddress...] but it gives the error that C:[etc] isn't valid
doesn't Server.MapPath (sic) simply find out the directory of it on your harddrive?
I am confused, I have searched over and over for this answer and found nothing. Am I missing something, ASP can do this can't it?




 5:07 pm on Oct 27, 2003 (gmt 0)

What do you see when you do a Server.MapPath on a file in your host's web space?


 6:04 pm on Oct 27, 2003 (gmt 0)

This works fine for me -

From the root:

From a subfolder


 9:31 am on Oct 28, 2003 (gmt 0)

That means anyone can download your entire database! Putting your database on a public part of your web server is not a wise thing!


 10:40 am on Oct 28, 2003 (gmt 0)

punta you have lost my a little here aspdaddy is right on the mark, what makes you think that

Server.MapPath("<foldername>/database.mdb") would be a public folder,

Server.MapPath, a SSI function that takes 1 argument, a virtual path, and returns the corresponding physical path, where is the problem in that it all server side.



 10:49 am on Oct 28, 2003 (gmt 0)

In order for MapPath to work, the file must be below the webroot. In most circumstances this would make the file publically accessable.

You need to put the DB file above the webroot and access it directly. You can use mappath to find out the physical structure of your server and then create a correct path for the database from that, but you can't do it directly unless the DB is below the webroot.


 10:51 am on Oct 28, 2003 (gmt 0)

The usual way is to just secure <foldername> by setting permissions on it.

Most hosting accounts would not allow files o be stored above the web root for security reasons.


 11:02 am on Oct 28, 2003 (gmt 0)

I've never had a problem having folders above the webroot with any company. Are you using cheap hosts?

What are the security issues with this?


 4:13 pm on Oct 28, 2003 (gmt 0)

Punta, I'v been hosting sites on NT4/Win2k for over 4 years, cheap hosts, expensive hosts, reseller accounts and they have all provided secure folders for storing data sources (Access/Excel/CSV), or a control panel so you can set this permission yourself.

The security issue is that you are allowing your customers to upload files outside of thier account area.

Maybe your own server or co-located is a different issue as there is only one account, but with shared hosting AFAIK this is the norm.


 4:20 pm on Oct 28, 2003 (gmt 0)

The security issue is that you are allowing your customers to upload files outside of thier account area.

Not at all. Why should your account area have to start at the same point as the web root?

I'm not talking about giving full access to the server, just a directory above the web root.

Global Options:
 top home search open messages active posts  

Home / Forums Index / WebmasterWorld / New To Web Development
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved