Welcome to Support

Submit A Support Ticket
How to secure your Database
 

This link below will provide instructions on how to secure your Database or the information is below.

 

LINK #1 ----- http://www.ecommercetemplates.com/help/databases.asp

Setting your database

Once you've got your store published to your server, you may well find that the path to the database is not correct and the database doesn't have write permissions. Below we've outlined the simple steps to take to right these issues.

Title tag Setting the path to your database
The easiest way to do this is by setting up a quck test file and then copying the contents into your db_conn_open.asp file in the vsadmin folder - here's how to do it:

  • Open notepad, copy and paste the following lines of code:
    <HTML>
    <BODY>
    sDSN = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=<%=server.mappath("vsproducts.mdb")%>;"
    </BODY>
    </HTML>
  • Save the file as test.asp
  • Upload this file to your fpdb folder (the one where your database resides)
  • Now open this page in your browser, the URL should be something like www.yourdomain.com/fpdb/test.asp
  • Copy the contents of that page - it should look something like this
    sDSN = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\web\database\vsproducts.mdb;"
  • Open the file db_conn_open.asp in notepad and replace the current content with what you have copied from test.asp - just make sure that you don't delete the opening and closing <% %> tags so your code in db_conn_open.asp should look something like this:
    <%
    sDSN = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\web\database\vsproducts.mdb;"
    %>
  • Upload your new db_conn_open.asp to your server, overwriting the original in the vsadmin folder
  • That should be working fine now and you can check it at www.yourdomain.com/vsadmin/login.asp
  • If you get an error that the test.asp page cannot be found then it is very likely that the page cannot be executed. In that case place the test.asp file in your images folder and browse to yoursite.com/images/test.asp, copy the connection string you get there, paste it into vsadmin/db_conn_open.asp replacing the \images\ in the string with \fpdb\
  • Once you have the database connection set up, check that it is not possible to download it by typing in the URL of the database location in your browser. This will be something like www.yoursite.com/fpdb/vsproducts.mdb - it is very important that your database directory is not browseable. Please check with your host if you have any doubts at all. Most hosts will provide you with a directory below the root of your web with the correct permissions already set.

SECURITY TIP
The best place for your database is outside the web root. Most hosts provide a special folder for this with the database permissions already set. Using a folder outside the web root will make it difficult for anyone to download your database and gain access to your username and password. Otherwise you must set the permissions on your database folder so that your database cannot be downloaded. More information is available here.

 		  
 


 

SECURITY TIP
Rename your database from vsproducts.mdb to a name of your choice, (keeping the .mdb extension of course).
Examples would be (though don't use ours) yourstore591.mdb or database2221.mdb
This will make it harder for anyone to find your database if your database folder permissions are set incorrectly.

 		  
 

 

Title tag Giving your database write permissions
Once that is done it's possible you will see a message that your database doesn't have write permissions. Your host will be able to change this for you but if you are using Frontpage then you can do it yourself like this:

Method 1

  • Open your site live on the server by going to File>New>Web from the top Frontpage menu and typing in the URL of your site, and then giving your name and password.
  • Click once on the fpdb folder to highlight it and then choose File>Import>Add File
  • Browse to where you have yor web on your hard drive and locate vsproducts.mdb in the fpdb folder
  • Import the file, agree to overwrite your curent version, agree to create a connection to the database and give it a name of your choice.
  • And now you should have write permissions for your database.

Method 2

  • Open your site in Frontpage as you would normally on your computer
  • Go to Tools>Web Settings>Database>Add
  • Leave the default setting for the name and then browse to your fpdb folder and select the database vsproducts.mdb
  • Choose "OK" and you're done

If you are using Godaddy as your host the you can follow the steps here

1. Select "settings" from main hosting page (if using Frontpage you will first need to uninstall Frontpage Extensions to view the "Custom directory permissions link").
2. Select "custom directory permissions"
3. Create a new subdirectory called "db" for example and set the permissions to Read and Write.
4. Once that appears in your directory listing, upload the vsproducts.mdb file to the new db folder and then change the connection string in db_conn_open.asp to reflect the new location.