Security of APP_Data Folder in ASP.NET

假如想象 提交于 2019-12-01 23:37:29

问题


My Microsoft Access DB file is in APP_DATA folder. my server is Windows 2003 and I like to know how is the best way to protect this file.

so which one is safer ?

./wwwroot/App_data/Database.mdb

or

./db/Database.mdb


回答1:


Both methods are safe in the sense that the file won't get served to a remote client (unless you create a virtual path to the db folder. Files not served from a site are governed by the httpHandlers section in web.config:

<add path="*.mdb" verb="*" type="System.Web.HttpForbiddenHandler" validate="True" />

Any file type added here with type=HttpForbiddenHandler will not be served.

Where to put the Access file is a matter of taste and access. If you put it outside of your site i.e. in the db folder you will have to set up permissions for the application account you're using for your site/app. Placing it within the App_Data folder you're set to go. Also, if you're in a hosting environment you might not be able to place you're Access file outside of the site folder.

My 2 cents: go for the App_Data folder.

.håkan




回答2:


Visitors cant download your mdb file, if mdb file in App_Data folder. But visitors can download your mdb file, if mdb file in db folder.

If you want to put your mdb file in db folder, you have to set securty permission for this folder.



来源:https://stackoverflow.com/questions/4624347/security-of-app-data-folder-in-asp-net

标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!