Welcome to WebmasterWorld Guest from 54.145.166.96

Forum Moderators: brotherhood of lan & mack

Message Too Old, No Replies

Connecting ASP website to a database online

How to connect to a DB @ http://whatever.com/DB/*.mdb

   
12:04 pm on Oct 27, 2003 (gmt 0)

10+ Year Member



I have a Access database, an ASP website that connects to it fine on my home PC but what about when I upload the site and DB to my host?
my connection string links to C:\ASP\*.mdb
I've tried doing changing the string so it points here. [hostaddress...] but it gives the error that C:[etc] isn't valid
doesn't Server.MapPath (sic) simply find out the directory of it on your harddrive?
I am confused, I have searched over and over for this answer and found nothing. Am I missing something, ASP can do this can't it?

Help

5:07 pm on Oct 27, 2003 (gmt 0)

10+ Year Member



What do you see when you do a Server.MapPath on a file in your host's web space?
6:04 pm on Oct 27, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



This works fine for me -

From the root:
Server.MapPath("<foldername>/database.mdb")

From a subfolder
Server.MapPath("/<foldername>/database.mdb")

9:31 am on Oct 28, 2003 (gmt 0)

10+ Year Member



That means anyone can download your entire database! Putting your database on a public part of your web server is not a wise thing!
10:40 am on Oct 28, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



punta you have lost my a little here aspdaddy is right on the mark, what makes you think that

Server.MapPath("<foldername>/database.mdb") would be a public folder,

Server.MapPath, a SSI function that takes 1 argument, a virtual path, and returns the corresponding physical path, where is the problem in that it all server side.

DaveN

10:49 am on Oct 28, 2003 (gmt 0)

10+ Year Member



In order for MapPath to work, the file must be below the webroot. In most circumstances this would make the file publically accessable.

You need to put the DB file above the webroot and access it directly. You can use mappath to find out the physical structure of your server and then create a correct path for the database from that, but you can't do it directly unless the DB is below the webroot.

10:51 am on Oct 28, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



The usual way is to just secure <foldername> by setting permissions on it.

Most hosting accounts would not allow files o be stored above the web root for security reasons.

11:02 am on Oct 28, 2003 (gmt 0)

10+ Year Member



I've never had a problem having folders above the webroot with any company. Are you using cheap hosts?

What are the security issues with this?

4:13 pm on Oct 28, 2003 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Punta, I'v been hosting sites on NT4/Win2k for over 4 years, cheap hosts, expensive hosts, reseller accounts and they have all provided secure folders for storing data sources (Access/Excel/CSV), or a control panel so you can set this permission yourself.

The security issue is that you are allowing your customers to upload files outside of thier account area.

Maybe your own server or co-located is a different issue as there is only one account, but with shared hosting AFAIK this is the norm.

4:20 pm on Oct 28, 2003 (gmt 0)

10+ Year Member



The security issue is that you are allowing your customers to upload files outside of thier account area.

Not at all. Why should your account area have to start at the same point as the web root?

I'm not talking about giving full access to the server, just a directory above the web root.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month