hosted by liquidweb


Go Back   Web Hosting Talk : Web Hosting Main Forums : Web Hosting Talk Tutorials : Hosting Security and Technology Tutorials : Helping Newbie to set password on Microsoft access and a little scripting please
Reply

Forum Jump

Helping Newbie to set password on Microsoft access and a little scripting please

Reply Post New Thread In Hosting Security and Technology Tutorials Subscription
 
Send news tip View All Posts Thread Tools Search this Thread Display Modes
  #1  
Old 03-02-2005, 01:18 PM
GlennWatson GlennWatson is offline
Newbie
 
Join Date: Feb 2005
Posts: 13
*

Helping Newbie to set password on Microsoft access and a little scripting please


Hello,

We would like to set password to our microsoft access database, but everytime we tried to put password on it, our whole web page is unable to loads, maybe we have done it wrongly.

FYI, our website is running in asp, and we host under plesk platform, anyone could shed some light on this script to put our own password would be very much appreciated.

oConn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;" & _
"Data Source=" & server.MapPat("Cart.mdb")

Also, how do we set password on our database, so when ppl type mydomain.com/cart.mdb , they wont download the whole database without the permision. I have set the password by the above steps, but when i type mydomain.com/cart.mdb, i can still download the whole databse without restriction. here is my steps to set password, please coreect if wrong.
1. open exclusively
2. tools> security> set database password
3. upload it to my ftp

The reason we need to set password as soon as possible is that our database is subortouch by someone, the products on our site is always not complete, as someone is deleting our product. And we suppose this is someone from the web deveopment company, as they know that we do not have any password to access to our database, and in database they are able to get our password to admin login, which is very bad.

Thank you for helping guys



Sponsored Links
  #2  
Old 03-20-2005, 10:52 AM
cosmotek cosmotek is offline
Newbie
 
Join Date: Apr 2001
Location: Florida
Posts: 21
There are several things that you should consider doing to secure your database, but I am not sure if you are able to make such configuration changes, and if your host provides such support. Here are some good recommendations, however:

1) After setting the password on the access database, make sure that you are prompted for a password next time you open the database, that way you know your password is in effect. Upload your database via FTP, and make sure that you can not transfer it via HTTP. The anonymous internet user should not have full privileges for accessing this file. What looks like you are missing is the username and password in your datasource. MAKE SURE TO SPECIFY YOUR PASSWORD IN YOUR DSN! This is why your site "breaks" when you set a password.
oConn.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0; " & _
"Data Source=" & Server.Mappath("Cart.mdb") & ";" & "Jet OLEDBatabase Password=mypassword"

2) The best practice is to put your database outside of the web folder so that it is not accessible via HTTP (only by FTP and your script). Make sure that your script supports access to the database via a direct path or DSN. If your website is under "yourdomain\http" put the file under "yourdomain\database". Again, this is host-dependent, so there is no way to know what your folder architecture will look like. Keeping the database outside of the web folder makes it virtually impossible for someone to access the database via the web browser.

3) If you decide to keep the database in the web folder, you can change the mappings on the .MDB file type to be handled by a scripting engine (if you have these permissions). This will effectively prevent someone from downloading the database by simply entering the URL. Instead, the database will be opened by a script processor, and garbage will be produced.

4) If you suspect your web development company has access to the file, change all your login information! If they are the ones hosting your website, change your host immediately since you feel they can't be trusted.

Don't neglect the fact that your software may have security holes in it that allow people to make changes, or that your admin section for your site has a weak password that someone figured out.

Hope this helps.

__________________
Oliver
CosmoTek.net Network Services
-->www.cosmotek.net
-->sales@cosmotek.net

Reply

Related posts from TheWhir.com
Title Type Date Posted
Leaked Documents Implicate Microsoft in Giving Government Agencies Access to Cloud, Email, VoIP Data Web Hosting News 2013-10-11 11:46:33
OVH Urges Customers to Change Passwords Following Multi-Stage Attack Web Hosting News 2013-07-24 11:17:01
McAfee Adds Cloud Single Sign-On, One Time Password Web Hosting News 2013-04-25 16:49:35
Windows Azure Offers Active Directory in General Availability Web Hosting News 2013-04-09 14:09:20
Dropbox says Security Breach Caused by Stolen Employee Password Web Hosting News 2012-08-01 15:28:15


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Postbit Selector

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Forum Jump
Login:
Log in with your username and password
Username:
Password:



Forgot Password?
Advertisement:
Web Hosting News:



 

X

Welcome to WebHostingTalk.com

Create your username to jump into the discussion!

WebHostingTalk.com is the largest, most influentual web hosting community on the Internet. Join us by filling in the form below.


(4 digit year)

Already a member?