[thelist] ASP Security with Access and NT directories

[Anthony Baratta]

At 09:11 PM 4/12/2002, Amy Johnson wrote:

>In my first site, I'm using ASP to interface with an ACCESS database.  I
>can not figure out how to password protect the MSACCESS
>database and then successfully send the username/password via ASP to open
>the database (i.e. what is the Visual Basic ASP syntax for
>opening the secured database??)

Use something like this in your connect string. I setup an ODBC DSN first
then call it thus:

     DB_Connect_String = "Data Source=DSN_Name;UID=UserName;Pwd=Password;"
     Set objDB_Connection = Server.CreateObject("ADODB.Connection")
         objDB_Connection.Open DB_Connect_String


>In another site that I am in the process of developing, I will be
>uploading files using ASPSimpleUpload with an ASP script.  My
>system administrator said he will need to secure the NT directory for the
>uploaded files with a password.  How will I code the
>username/password of the directory into my ASP code?

Make sure you understand what the Admin is going to setup. It sounds like
we wants to setup the directory with a web based password, which mean he's
expecting you to require someone to "login" first before they can upload
the file. The reason he is worried about that is he is going to have to
make the target directory writable for the web server, which increases his
"risk".

One way to change this up, is to setup the receiving directory to be
"outside" the web root of your site, so the web server does not have direct
"access" to this location - only programmatically via your ASP.

What type of files are going to be uploaded? It maybe worth it to add some
extra code to your upload script to make sure that all the files uploaded
have the proper extensions before they are written to the hard drive, as
well as, checking the file name to make sure it's not "funky".
---
Anthony Baratta
President
Keyboard Jockeys

"Conformity is the refuge of the unimaginative."