Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

include files not safe? 2

Status
Not open for further replies.
stranger123

stranger123

Programmer
Apr 16, 2006
76
GB
Hello,

Say, an include file connection.inc has got something like
"provider=microsoft.jet.oledb.4.0; data source=......;Jet OLEDB:Database Password=......"
If somebody type he will know the secrete (if he can guess the include file name)!

Any idea?
 
Sort by date Sort by votes
If you use an .asp extension for your include files, the script will be processed on the server before anything is sent, and any guessed file names won't provide sensitive data.


Lee
 
Upvote 0 Downvote
Thank you. That is a good idea.
Do you think it is the same idea to use .asp for the .mdb file?
 
Upvote 0 Downvote
thats why it is not a good idea to keep any supporting files in the folder...create a new folder and put all your files there...you can still access them in your code but the outsider has no access to them...

-DNG
 
Upvote 0 Downvote
DotNetGnat,

Are you sure? I have just texted I can access an .asp in the sub-folder by typing the address in the browser.
 
Upvote 0 Downvote
what i meant is this...

lets say i have file called dbconn.inc with all the connections string that include username and password information...

now if i place this file in the inetpub/ folder...

anyone can type it like...


and can see the details...

but lets say i have created a new folder myfiles and put the file there...

now the path would be

inetpub/myfiles/dbconn.inc

so as you can see no outsider can ever reach this folder...they just cant type
hope you got the point...

-DNG
 
Upvote 0 Downvote
Do you think it is the same idea to use .asp for the .mdb file?

You can rename the extension on Access files with .asp for some of the Access drivers. I don't think it works for the Jet driver, though. I might be wrong; it's beena while since I've done this.

What DGN suggests, putting the the mdb and .inc in a folder outside the virtual folder, is the general practice.
 
Upvote 0 Downvote
Thank you for all your suggestions. I am thinking move all files to the folder outside the vertual folder.....See my new post :)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

leifoet
  • Locked
  • Question
Code does not run in Microsoft Edge - it does in Google Chrome
Replies
3
Views
953
leifoet
leifoet
penguinspeaks
  • Locked
  • Question
iis woos (not displaying pages correctly)
Replies
1
Views
544
penguinspeaks
penguinspeaks
leifoet
  • Locked
  • Question
Multi-selection dropdown list does not work
Replies
0
Views
304
leifoet
leifoet
Ambientguitar
  • Locked
  • Question
Issue with this not calling the Sub in Classic ASP page
Replies
5
Views
581
MarkSweetland
MarkSweetland
SitesMasstec
  • Locked
  • Question
Sub-folder does not show green padlock
Replies
8
Views
519
ChrisHirst
ChrisHirst

Part and Inventory Search

Sponsor

Back
Top