Results 1 to 9 of 9

Thread: Password Database

  1. #1
    Join Date
    Dec 2004
    Posts
    46
    Rep Power
    0

    Default Password Database

    I'm trying set up a website, and i want to create a section for user's to register using a MS Access Database, i think i can get that done, but i dont know how safe the database will be on the website. How can i prevent access to the database users outside the website? Can anyone help?

  2. #2
    Join Date
    Sep 2004
    Posts
    356
    Rep Power
    0

    Default

    Quote Originally Posted by Simpleyute View Post
    I'm trying set up a website, and i want to create a section for user's to register using a MS Access Database, i think i can get that done, but i dont know how safe the database will be on the website. How can i prevent access to the database users outside the website? Can anyone help?
    Your really is a simple yute.

    The database can only be access directly from the database server but using ASP you can pull data from your database from any table you choose from.

  3. #3
    Join Date
    Dec 2004
    Posts
    46
    Rep Power
    0

    Default

    I thought that would be the case, but when i typed the path of the database in my browser along with the database file name it downloaded the database. I'm using a free we host, don't know if thats the problem.

  4. #4
    digimon Guest

    Default

    Quote Originally Posted by Simpleyute View Post
    I'm trying set up a website, and i want to create a section for user's to register using a MS Access Database, i think i can get that done, but i dont know how safe the database will be on the website. How can i prevent access to the database users outside the website? Can anyone help?
    if u using asp.net, u can do this first hash the password they submit to u in md5 for privacy then store that into the DB.

    u need to then use an sql insert statement and assign that to the sqlcommand

    am i making it clear? if not do a search on google for asp.net databinding

  5. #5
    Join Date
    Dec 2004
    Posts
    46
    Rep Power
    0

    Default

    Well i dont think im using asp.net, its just asp which i learned from w3schools.com and its like VB so it was pretty easy to learn since i did VB before, but im going to check on that md5 hash to see if it could work with what im doing. So far i know its some kind of encryption, but i dont really know how it works. Are all online databases like that, in that it can be accessed once you know that path of the database?

  6. #6
    Join Date
    Sep 2003
    Posts
    603
    Rep Power
    0

    Default

    store the Database in one directory higher than the www root directory. that should solve your security concerns.
    easiparcel.com Shop online and ship to Jamaica

  7. #7
    Join Date
    Apr 2003
    Posts
    13,269
    Rep Power
    34

    Default

    Quote Originally Posted by MadHacker View Post
    Your really is a simple yute.

    The database can only be access directly from the database server but using ASP you can pull data from your database from any table you choose from.
    What? Mad, she is using an Access database. Access databse doesn't have a database server.

    Quote Originally Posted by digimon View Post
    if u using asp.net, u can do this first hash the password they submit to u in md5 for privacy then store that into the DB.

    u need to then use an sql insert statement and assign that to the sqlcommand

    am i making it clear? if not do a search on google for asp.net databinding
    But how does this protect persons from downloading her database with other sensitive info in it?

    Quote Originally Posted by CGPGroup View Post
    store the Database in one directory higher than the www root directory. that should solve your security concerns.
    This is the best way to protect your database. If you don't have access to folders above your www folder (or the folder that contains your website), then here is another trick you can use.

    1. Rename your database to something cryptic. Like s54n2d1fqa541a.mdb.
    2. For added security, you can rename the file extension of your database to .asp. So you would now have s54n2d1fqa541a.asp. This would prevent persons from downloading the database using their browser, even if they guessed the database cryptic name and path. Because the web server doesn't allow persons to download .asp files.

    You will still be able to access the database from your asp file. Just make sure you put the correct name of the database in your connection string.
    "The best software is the one that fits your needs." - A_A

    Virus free since: date unknown
    Anti-virus free since: August 2008

  8. #8
    Join Date
    Dec 2004
    Posts
    46
    Rep Power
    0

    Default

    thanx for the suggestions i think i will rename the database with some weird name and try to encrypt the passwords. i dont have access to the folder above my root folder with the free asp webhost i'm using www.nofeehost.com, maybe when i start using a paid host i'll get that. when im done with the site i'll post the link.

  9. #9
    digimon Guest

    Default

    Quote Originally Posted by Arch_Angel View Post
    What? Mad, she is using an Access database. Access databse doesn't have a database server.

    But how does this protect persons from downloading her database with other sensitive info in it?

    This is the best way to protect your database. If you don't have access to folders above your www folder (or the folder that contains your website), then here is another trick you can use.
    sorry, i never read it properly

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •