| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 28873 | 2003-01-03 16:56:00 | They can Hack My Database | sc0ut (2899) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 110757 | 2003-01-03 16:56:00 | Here’s the problem How do I make my access database more secure?? I’m about to hook my ASP website up for the internet. After lots of testing my friend tried to hack my site, the only thing he managed to do was access my Access database. By guessing my database name in the URL he was given an option to [Open] or [Save] my database, thus giving him the content of my data base like member information and passwords. Using Win 2000 Server is there any way to prevent this. Remember my database is constantly written to by new members. Any help or links would be appreciated. Chears |
sc0ut (2899) | ||
| 110758 | 2003-01-03 18:59:00 | Hey 1 - Change your database name to something that no-one will guess. eg: instead of calling it database.mdb call it _database.mdb or 1852dht.mdb 2 - You can set up the database to be password protected. Although (from memory) when you "open" it via Internet Explorer the password part is bypassed, if someone downloads it, they will require the password to open it. Give it a try to find out. 3 - (pretty cheap - but it works) - make your tables hidden. My friend pulled that trick on me once and it took me a while to figure out what he'd done CyberChuck |
cyberchuck (173) | ||
| 110759 | 2003-01-03 19:26:00 | I don't want to do the 1st way because it still isn't fully secure because in asp when an error is genorated they tend to see the name of the database i'll try the other two ways thogh Thanks for the input GTG |
sc0ut (2899) | ||
| 110760 | 2003-01-03 19:54:00 | Hi see this article www.advisor.com plus support.microsoft.com | parry (27) | ||
| 110761 | 2003-01-03 20:00:00 | I hate the way long urls get the link stuffed up. Try... Access FAQ (support.microsoft.com) |
parry (27) | ||
| 110762 | 2003-01-04 04:39:00 | Name it something weird, in an obscure folder as well if possible. Try and stay away from /db or similar. Also turn off directory viewing for that folder. |
-=JM=- (16) | ||
| 110763 | 2003-01-04 04:40:00 | i gather there are passwords and the like stored in database. Try to have them encrpted somehow. | -=JM=- (16) | ||
| 1 | |||||