Security for Database on Server?

Hi,

I have an online system using ASP which uses a database on the server to verify usernames and passwords and also stores system settings. I need to be able to write to the database to update settings and also need to read to get the values out to display or check.

I have this setup and working fine the problem is if I enter the url to the database into a browser I can download the file.

How would I go about making the database read and writable by the asp pages on the server but not downloadable?


Any help would be most appreciated

Thanks

Echo

Just place the database in a directory which isn't accessible from the Internet, ie: a directory above the website directory. Then, access the database with one extra "../" in the path.

Thanks that works fine

You may want to let an ISAPI filter map your users to NT accounts on the
fly instead of doing it in ASP. Depending on your needs, it may make life easier for you.

http://www.bestcode.com/html/bcauthenticate.html

bcAuthenticate is an ISAPI based Authentication filter for IIS 4,5,6.
It allows you put userid passwords in a database and manage them
individually instead of relying on Windows NT accounts. It uses ODBC
to access the database and map the users to NT accounts. It also caches
them in memory for specified amount of time so it is fast. It has a GUI admin
also.

Regards,
g.