Security of APP_Data Folder in ASP.NET
My Microsoft Access DB file is in APP_DATA folder. my server is Windows 2003 and I like to know how is the best way to protect this file. so which one is safer ? ./wwwroot/App_data/Database.mdb or ./db/Database.mdb Both methods are safe in the sense that the file won't get served to a remote client (unless you create a virtual path to the db folder. Files not served from a site are governed by the httpHandlers section in web.config: <add path="*.mdb" verb="*" type="System.Web.HttpForbiddenHandler" validate="True" /> Any file type added here with type=HttpForbiddenHandler will not be served.