. NET to Prevent Access Database downloads

It is a very old topic to Prevent Access Database downloads. There are also many discussions on the Internet. Here we will only discuss how to Prevent Access Database downloading under ASP. NET, some of which are a summary of previous methods, and some are self-built. There may be imperfections or even errors. You are welcome to point out and make progress together.



Currently, the following solutions are available:



1. Place database files outside the site directory



2. Set the IIS directory permission for storing database files to unreadable (IIS Information Service Management-> select the directory to be set-> right-click-> properties-> Directory tab-> cancel read check box)



3. Use ODBC Data sources



The above three methods are classic and secure, and suitable for direct server operations (because the three methods require direct server operations ), of course, this is also a solution to prevent Access downloading on the ASP platform.







There is also a solution under ASP, that is, to add a long binary table to the database, and then change the file suffix to. asp. (For details, refer to the corresponding data table of the Forum database)



4. rename your Access *. asax: Because ASP. in the processing mechanism of NET, such requests are directly rejected by default, and there are no problems such as the resource consumption in the resolution process mentioned above. According to this idea, you can also rename Access to *. config, *. vb, *. cs, and so on.



5. put your Access in the bin directory under the root of your application (that is, the directory where you placed the DLL file, by default, IIS is configured to deny direct access to files in the bin directory to protect DLL requests. In fact, it also protects other files in the bin directory. However, some people have doubts about this method: Will there be such a consequence? During database read/write, the Assembly will be frequently refreshed, and the Session and Application will be continuously lost?



6. (Personal originality) Another method is to use. NET's access permission control to prohibit anonymous users from downloading the database, as shown below:



Open the configuration file Web. config and add the following configuration under the configuration node:



<Location path = "DataBase">



<System. web>



<Authorization>



<Deny users = "*"/>



</Authorization>



</System. web>



</Location>



DataBase is the directory where your DataBase files are stored. If it is the root directory, use <locateon path = "~ /Database. aspx "> replace. After the above configuration is added, modify the database suffix to. aspx and other file types that need to be parsed by IIS.



Because the <deny users = "*"/> statement limits any anonymous users to access all files to be parsed In the path = "DataBase.







Note: whether in ASP or. NET, directly change the suffix of the Access database. asp and. add "#" or a space in the file name before the file name.