I need Help!!! How can I secure my database on the

Results 1 to 5 of 5

Thread: I need Help!!! How can I secure my database on the

  1. #1
    Jay Horton Guest

    Default I need Help!!! How can I secure my database on the

    I have a database(access) and have it listed in a directory. I have a login page so somone can pullup things strictly for their account only by password and username. The problem is anyone can go and download the entire database if they just no the location, and this database of course has everones password and username(along with address and all). How can I make this all secure? A Javascript, CGI or what? I am trying to also have it on a secure server(SSL). Any help? I cannot get any info out of anyone, I know this is a fairly easy task. Please HELP SOON!!!!!!!

  2. #2
    Gabbar Guest

    Default RE: I need Help!!! How can I secure my database on

    Sure buddy. Its pretty cool.<BR><BR>And simple.<BR><BR>You have to set the AUTH_TYPE header or something in all the html pages relating to the database. This we set to "BASIC" or maybe "NTFA" or somethin to that effect. Give me a day and I&#039ll tell u the exact stuff !!<BR><BR>Also in the IIS MMC, Right Click the Virtual Directory, in its properties, do 2 things :<BR><BR>1. Remove the IUSR_MachineName User ID<BR>2. Uncheck the "Allow Anonymous Logins"

  3. #3
    icabod Guest

    Default FIX:

    You need to do this from IIS.<BR><BR>In your IIS MMC window.. select your website. Find the folder that your DB is in. Right click &#062; Properties.<BR><BR>Ok, now go to the tab that says "Directory Security." Under "Annonymous Access", click on "EDIT".<BR><BR>Uncheck "allow annonymous access".<BR><BR>Users will still have permission to use the database... but the anonymous HTTP account (IUSR_MACHINENAME) will not have HTTP access to that folder.

  4. #4
    J.Horton Guest

    Default RE: FIX:

    Thnx for the info from both of you!! If I uncheck the Ann. box will somone still be able to download the entire database though on their local and open it in access? Or will this block somone from doing that? also I have about 1200 different passwords and login names, will they be able to still open everthing? That sounds very simple, I will try it !

  5. #5
    icabod Guest

    Default RE: FIX:

    Basically, all it does is prevent people from downloading it using simple HTTP and HTTPs (even with HTTPs, the DB was still accessible) protocol.<BR><BR>ex: <BR>http://www.yoursite.com/_yourdatafolder/yourdatabase.mdb<BR>/ typing that would have just asked the person what they waaanted to do with the database (very bad!). Now it would ask for an administrator password (good!).<BR><BR>If someone REALLY wanted to get your database... they could logically crack the password, find a backdoor... yadda yadda yadda..<BR><BR>But at least you&#039re not making it easy. :)<BR><BR>You may still have issues with FrontPage extensions and FTP... but that can be fixed with the latest patches and service packs.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts