Most websites are now built with ASP + Access, so anyone who can simply download the Access database can ruin the site!
Many sites pay little attention to this, for example by naming the database file Data.mdb, and some people think that changing the database's extension to .asp is enough.
In fact, you can test this on your own machine: rename the MDB to .asa or .asp, fetch it with any download tool, then rename the downloaded file back to .mdb and it can be used! The reason is very simple: IIS only executes content inside <% %>, so changing the extension of an MDB file only makes IIS display it incorrectly as text.
If you request ***.asp (note: this is the MDB database) in a browser, you will see a lot of garbled characters, the same as when you open the file in Notepad!
There are 4 ways to prevent a database from being downloaded:
1: Create a new table in the database named <%safe, so that IIS produces a 500 error when it parses the file and the database cannot be downloaded!
2: Append # to the end of your database file name (the name, not the extension, for example Name#.mdb). IIS then thinks you are requesting the default file in the directory, such as index.asp, and if it cannot find one it returns a 403 "directory browsing forbidden" error!
3: In IIS, set the directory where the database is located to not readable, which prevents the download. Rest assured that this will not affect normal use by ASP programs!
4: Use a data source (ODBC) directly, so that the database does not have to be in the Web directory at all, which prevents the download completely. To do this you must have server administrator rights, however, and most virtual-host users cannot use a data source (ODBC)!
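The following is an added example, not part of the original article: a Python audit that walks a web directory and flags every file that is really an Access database, whatever its extension, by checking the Jet file signature at the start of the file. The function names and the sample site tree are hypothetical, and the sample files are constructed headers, not real databases.

```python
import os
import tempfile

# Access/Jet files start with 00 01 00 00 followed by this ASCII marker
# (.mdb: "Standard Jet DB", .accdb: "Standard ACE DB").
JET_MAGIC = (b"\x00\x01\x00\x00Standard Jet DB",
             b"\x00\x01\x00\x00Standard ACE DB")


def is_access_database(path):
    """Return True if the file content carries an Access database signature."""
    try:
        with open(path, "rb") as fh:
            head = fh.read(19)  # 4 header bytes + 15-byte marker
    except OSError:
        return False  # unreadable file: cannot classify, skip it
    return head.startswith(JET_MAGIC)


def find_exposed_databases(web_root):
    """Walk web_root; return sorted relative paths of Access databases found."""
    hits = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = os.path.join(dirpath, name)
            if is_access_database(full):
                hits.append(os.path.relpath(full, web_root).replace(os.sep, "/"))
    return sorted(hits)


def build_sample_site(root):
    """Constructed sample tree: fake database headers, not real databases."""
    fake_mdb = b"\x00\x01\x00\x00Standard Jet DB\x00" + b"\x00" * 32
    os.makedirs(os.path.join(root, "db"))
    samples = {
        "index.asp": b"<% Response.Write \"hello\" %>",
        "db/Data.mdb": fake_mdb,
        "db/conn.asp": fake_mdb,   # database renamed to .asp
        "db/Name#.asa": fake_mdb,  # database renamed with # and .asa
    }
    for rel, content in samples.items():
        with open(os.path.join(root, *rel.split("/")), "wb") as fh:
            fh.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        for rel in find_exposed_databases(site):
            print("Access database inside web root:", rel)
```

Any path this reports is a database sitting inside the Web directory, so it is a candidate for method 3 or 4 above.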