Prevent Access databases from downloading in ASP.

Source: Internet
Author: User
Tags ole sql server express connectionstrings
How to prevent Access database download is a very old topic, online discussion is also more. Here we give several ways to prevent Access databases from being downloaded under ASP.

Here we assume that the Access database name is Test.mdb.

1. Put the database outside the Web directory

If your site directory is D:\www, you can put the database in D:\data this folder, and then modify the site program in the database connection string address section is: "D:\data\test.mdb", so that the database can be called normally, but cannot download, because it is not in the site directory.

Assume that you configure the database connection string in Web. config. For example:

        <add name="Access" connectionString="Provider=Microsoft.Jet.OLEDB.4.0;data source=d:\data\test.mdb" providerName="System.Data.OleDb" />

2. Put the database under the App_Data system folder

Starting with the. Net2.0, there is a App_Data directory dedicated to storing data files, which can be used to Access,sql Server Express, XML and other data files. The benefit of putting the database file into the App_Data folder is to prevent it from being downloaded. The file location for the connection string database can use the DataDirectory key to represent its physical path, thus eliminating the need to use the Server.MapPath () conversion when getting the connection string.

Assume that you configure the database connection string in Web. config. For example:

        <add name="Access" connectionString="Provider=Microsoft.Jet.OLEDB.4.0;data source=|DataDirectory|test.mdb" providerName="System.Data.OleDb" />

| Datadirectory| is the representative App_Data folder.

3. Renaming database files

Rename your Access to *.asax: Because of the processing mechanism of ASP., by default, the request is rejected directly. According to this idea, you can also rename Access to *.config,*.vb, *.cs, and so on.

4. Configure IIS to Add. mdb file type mappings

To add an extension mapping for an. mdb this method is implemented by modifying the IIS settings. It takes only 2 steps.

1. Configure IIS to map the. mdb file type to the ASP. NET ISAPI.

In Windows 2003, for example, click Start-run-enter inetmgr and open Internet Services Manager. Right-click on a Web site-click Properties to pop Up the properties dialog box for this site. Click on the "Home Directory" tab and click on the "Configure" button to display the "Application Configuration" dialog box. Click "Add" to add a map, a dialog box will be displayed for you to enter the executable file: "C:\WINDOWS \ \framework \v2.0.50727 \aspnet_isapi.dll"; Enter the extension: ". mdb ”。 As shown

2. Configure the ASP. Net. config file to map the. mdb file type to the HttpForbiddenHandler HTTP handler.

Causes the ASP. mdb file type to be mapped to an httpforbiddenhandler HTTP handle. In order to achieve this step, the following configuration must be added to the Web. config file

            <add verb = "*" path = "*. mdb" type = "System.Web.HttpForbiddenHandler" />
   </ httpHandlers>
5. Add ACCESS anti-download field

The principle of this method is: change the extension of the database into .aspx format, and when accessing this file from a remote location, the IIS server will execute it as an aspx program, and we previously inserted "<%" in the ACCESS database Symbol, and the program must be executed in the "<%%>" tag, so a 500 error of "missing script close tag" will appear, and others will not be able to download the ACCESS database. It is useless to simply add "<%" in the text or remarks field of the database, because ACCESS will process the content in it, and it will exist in the form of <% in the database, which is invalid! The correct way is to store <% in the OLE object field. Methods as below:

1. Create a table first, and enter the following in the SQL command window: "create table [notdown] ([notdown] oleobject)"

Then click "!" (Run) in the toolbar, this will create a "notdown" table in the current database, where the field name is "notdown" and the field type is "OLE object". 1

2. Change the content in the SQL query window to the following command: "insert into [notdown] (notdown) values (0x3C25)"

This sentence means to insert "0x3C25" data into the "notdown" field of the "notdown" table ("0x3C25" is the hexadecimal of the character "<%"). 2

After the execution is complete, look at the "tables" in the database again, and you will find that there is an additional "notdown" table, and the field displays "long binary data" after opening. 3 The anti-download data sheet that has been made here is notdown, you can directly download and paste it into your database to use. notdown data sheet

Tip 1: Regardless of whether it is an ASP website or an ASP.NET website, for directly changing the Access database suffix to .asp and .aspx, download tools such as FlashGet are used correctly and cannot prevent downloading.
Tip 2: The fifth method is usually used in the ASP + ACCESS website.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.