Web Wiz - Solar Powered Eco Web Hosting


Web Wiz Forums Securing Your Access Database


Don't be a victim to a hacker!!

By not securing your Web Wiz Forums Access database a hacker can download the database and use the data from within it to hack your forum.

Follow the simple instructions below to find out how to secure your forums Microsoft Access database.

For security it is highly recommended that you move the location of the Access Database to a folder above the root directory of your website where it can not be accessed using a web browser, good web hosts will have a directory set up for this usually called 'private', 'database', or 'db'.

If you are using Windows 2008 or above then you do not need to secure the Access database as by default Windows 2008 IIS 7 web server is setup to not allow Access files (.mdb files) to be downloaded using a web browser.

For the purposes of this exercise we will presume the tree structure of your website is similar to below:-
Website Tree View
  1. Locate the file Access Icon wwForum.mdb found in the 'database' directory (this is Web Wiz Forums Access Flat File Database).
    database directory
  2. Move the Access Icon wwForum.mdb file to a secure location, usually above the root of your website's public directory on the server, where it can not be accessed using a web browser. Good web hosts will have a directory set up for this usually called 'private', 'database', or 'db'. If you are uncertain of the location of your private database directory contact your web host.
    Move the Access database to the secure folder
  3. Edit, with a text editor, the file 'database_settings.asp' found in the 'database' directory. In this file you will find the following line of code: -
  4. strDbPathAndName = Server.MapPath("database/wwForum.mdb")
    Edit the location of the Access database
  5. Update the path marked in red (database/), to the new path to the database directory Access Icon wwforum.mdb is within. The path needs to be the relative path from the directory you have placed your forum in. (tip: to move up a directory use ../ eg: "../db/wwForum.mdb").
    Example of the location of the Access database
  6. Save the amended file and upload it to your web space overwriting the original 'database_settings.asp' file.



Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Policy

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2024 Web Wiz Ltd. All rights reserved.