Connecting ASP website to a database online

Forum Moderators: mack

Message Too Old, No Replies

Connecting ASP website to a database online

How to connect to a DB @ http://whatever.com/DB/*.mdb

fwordboy

12:04 pm on Oct 27, 2003 (gmt 0)

I have a Access database, an ASP website that connects to it fine on my home PC but what about when I upload the site and DB to my host?
my connection string links to C:\ASP\*.mdb
I've tried doing changing the string so it points here. [hostaddress...] but it gives the error that C:[etc] isn't valid
doesn't Server.MapPath (sic) simply find out the directory of it on your harddrive?
I am confused, I have searched over and over for this answer and found nothing. Am I missing something, ASP can do this can't it?

Help

punta

5:07 pm on Oct 27, 2003 (gmt 0)

What do you see when you do a Server.MapPath on a file in your host's web space?

aspdaddy

6:04 pm on Oct 27, 2003 (gmt 0)

This works fine for me -

From the root:
Server.MapPath("<foldername>/database.mdb")

From a subfolder
Server.MapPath("/<foldername>/database.mdb")

punta

9:31 am on Oct 28, 2003 (gmt 0)

That means anyone can download your entire database! Putting your database on a public part of your web server is not a wise thing!

DaveN

10:40 am on Oct 28, 2003 (gmt 0)

punta you have lost my a little here aspdaddy is right on the mark, what makes you think that

Server.MapPath("<foldername>/database.mdb") would be a public folder,

Server.MapPath, a SSI function that takes 1 argument, a virtual path, and returns the corresponding physical path, where is the problem in that it all server side.

DaveN

punta

10:49 am on Oct 28, 2003 (gmt 0)

In order for MapPath to work, the file must be below the webroot. In most circumstances this would make the file publically accessable.

You need to put the DB file above the webroot and access it directly. You can use mappath to find out the physical structure of your server and then create a correct path for the database from that, but you can't do it directly unless the DB is below the webroot.

aspdaddy

10:51 am on Oct 28, 2003 (gmt 0)

The usual way is to just secure <foldername> by setting permissions on it.

Most hosting accounts would not allow files o be stored above the web root for security reasons.

punta

11:02 am on Oct 28, 2003 (gmt 0)

I've never had a problem having folders above the webroot with any company. Are you using cheap hosts?

What are the security issues with this?

aspdaddy

4:13 pm on Oct 28, 2003 (gmt 0)

Punta, I'v been hosting sites on NT4/Win2k for over 4 years, cheap hosts, expensive hosts, reseller accounts and they have all provided secure folders for storing data sources (Access/Excel/CSV), or a control panel so you can set this permission yourself.

The security issue is that you are allowing your customers to upload files outside of thier account area.

Maybe your own server or co-located is a different issue as there is only one account, but with shared hosting AFAIK this is the norm.

punta

4:20 pm on Oct 28, 2003 (gmt 0)

The security issue is that you are allowing your customers to upload files outside of thier account area.

Not at all. Why should your account area have to start at the same point as the web root?

I'm not talking about giving full access to the server, just a directory above the web root.