Server.MapPath connection string question.

D

Dave

I have two sites:

www.site_A.com & www.site_A_news.com

Site_A is in d:\webs\site_a & uses an Access DB in
d:\webs\site_a\data\db.mdb

Site_A_news is in d:\webs\site_a\site_a_news also requires access to
that Access Database.

How should I setup the connection string so both webs can share the same
database?
 
T

TomB

I assume this is the same server since you didn't say otherwise.
site_a should continue as is.
site_a_news should use D:\webs\site_a\data\db.mdb in its connection string.

A different (likely better) solution would be to move the database to
d:\database\db.mdb and both site_a and site_a_news can get to it from there.

MSDE would likely be even better.

TomB
 
D

Dave

Yes, same server - sorry. And I agree, MSDE would be better, but I do
not have that option at the moment.

Right now, I have both setup to use the full path
D:\webs\site_a\data\db.mdb in their connection strings...

Any reason why I should NOT do that?

Why do many example of DSN Less connection strings use Server.MapPath?

Any performance gains by doing that? Security considerations?
 
D

Dave

Yes, same server - sorry. And I agree, MSDE would be better, but I do
not have that option at the moment.

Right now, I have both setup to use the full path
D:\webs\site_a\data\db.mdb in their connection strings...

Any reason why I should NOT do that?

Why do many example of DSN Less connection strings use Server.MapPath?

Any performance gains by doing that? Security considerations?
 
T

TomB

The downside to having your database within your site, is that a user could
type in the url to the database and download it.
http://site_a/data/db.mdb
To fix, you can rename the database db.asp

I think the main reasons for using Server.MapPath are
a) if it's sample code they don't know where you are going to put it
b) if you move the site to a new server, or a new directory, the link is
relative so it won't break.

Tom B
 
D

Dave

Thanks Tom.

One final question.. how could the web user download the db? How would
(could) they find out the path?
 
T

TomB

Usually just by sheer luck.
However, other things can happen.

a) Perhaps a user hits an error and the error message says something that
gives it away.
b) Your asp page doesn't get processed for some reason, and the source code
is displayed instead.
c) You accidentally allow directory browsing and don't have a default page.
d) Good guesswork.
e) Once a person posted a question on a newsgroup with their real email
address (the usual NOSPAM was in there) and because of the information they
provided, their database could easily have been downloaded. Note I've seen
this with SQL too, people posting straight from their source with IP of
their server, username and password. Invariably it's sa.

All in all it's pretty unlikely to happen. But it could.
TomB
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

SQL connection string 2
Survey details won't go through using php, ajax, Mysql 0
ASPNET Access Connection String Question 5
ADODB connection string on SBS 2008 5
HTTP Error 500 2
Python client/server that reads HTML body from server 1
Beginner's Guide to getting CipherSweet working with PDO and MYSQL 1
Proxy connection with Python 0

Members online

No members online now.
Total: 37 (members: 0, guests: 37)
Robots: 219

Forum statistics

Threads
473,756
Messages
2,569,535
Members
45,008
Latest member
obedient dusk

Latest Threads

Top