
Writing Secure Dreamweaver MX Applications

If you are developing an online store, you need to protect your data so the information doesn't fall into the wrong hands. Read how Macromedia Dreamweaver MX allows you to safely interact with your database.

Author Info:
By: Macromedia Team
March 31, 2003
  1. Writing Secure Dreamweaver MX Applications
  2. Examining ISAM Databases
  3. Ensuring Physical Security
  4. Ensuring Virtual Security
  5. Ensuring Internal Security


Writing Secure Dreamweaver MX Applications - Examining ISAM Databases
(Page 2 of 5 )

Indexed Sequential Access Method (ISAM) databases include the popular file-based databases like Microsoft Access, FileMaker, and FoxPro. They are typically self-contained and can be accessed through a driver; they don't need a server application to run them.

They are often created locally and then uploaded to a web server, where a connection is made through a Data Source Name (DSN), a hard-coded connection path (DSN-less connection), or a server-specific method like Server.MapPath in ASP. ISAM databases are inexpensive and easy to use. They are also easy to compromise if you don't follow a few simple steps to protect them.

First, take care where you store the database file. If at all possible, store the database file in a folder that is above the root of your website on the server. For instance, if the physical path to your website on the web server is c:\websites\mywebsite, then the root folder mywebsite and all the folders underneath it are accessible from a browser.

This means that if you store your database file in the folder c:\websites\mywebsite\database, someone who knew or guessed the name of your file could download it from your site by simply browsing to www.mywebsite.com/database/filename.mdb. Because the server would have no associated program with which to run an MDB file, it would allow the user to download the file.

Second, you can avoid the possibility of a user downloading your database by performing a simple operation that takes advantage of a bug in Windows NT and Windows 2000 Server. Encrypt the database in Access and rename its extension from .mdb to .asp. Then, use the .asp filename in a DSN-less connection. Because the database is encrypted and named with the .asp extension, the ASP server will try to process it as ASP—and will fail and throw an ASP tag error if a user tries to download the file.

Finally, assign your database a username and password. Microsoft Access, for instance, comes with the default username, Admin. Until a password is assigned for the Admin user, none is required. So whenever the database file is opened, the program assumes that it should log in the Admin user with a blank password. If someone is able to find and download your database file, there will be nothing stopping that person from opening it and examining your data.
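The following audit script is an added example, not code from the original article: it walks a web root and reports file-based databases stored inside it, including Access files renamed to another extension, and checks whether a given database path resolves outside the root. The extension list, function names and sample tree are assumptions made for illustration.

```python
import os
from pathlib import Path

# Assumed extension list for file-based databases (Access, FoxPro, FileMaker).
DB_EXTENSIONS = {".mdb", ".dbf", ".fp5"}
# File signature of an Access (Jet) database: 4 header bytes, then this string.
JET_MAGIC = b"\x00\x01\x00\x00Standard Jet DB"


def is_inside(path, root):
    """True if path resolves to root itself or to something below it."""
    path, root = Path(path).resolve(), Path(root).resolve()
    return path == root or root in path.parents


def looks_like_database(path):
    """Match on extension, or on the Jet signature for renamed Access files."""
    if path.suffix.lower() in DB_EXTENSIONS:
        return True
    with open(path, "rb") as fh:
        return fh.read(len(JET_MAGIC)) == JET_MAGIC


def find_databases_in_web_root(web_root):
    """List database files under web_root as paths relative to the site root."""
    web_root = Path(web_root).resolve()
    found = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            full = Path(dirpath) / name
            if looks_like_database(full):
                found.append("/" + full.relative_to(web_root).as_posix())
    return sorted(found)


def build_sample_tree(base):
    """Constructed sample: a site root with databases inside it and one above it."""
    site = Path(base) / "websites" / "mywebsite"
    (site / "database").mkdir(parents=True)
    (Path(base) / "websites" / "data").mkdir()
    (site / "index.asp").write_text('<% Response.Write "hi" %>')
    (site / "database" / "store.mdb").write_bytes(JET_MAGIC + b"\x00" * 32)
    (site / "database" / "renamed.asp").write_bytes(JET_MAGIC + b"\x00" * 32)
    (Path(base) / "websites" / "data" / "store.mdb").write_bytes(JET_MAGIC)
    return site


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(find_databases_in_web_root(build_sample_tree(tmp)))
```

A renamed file is reported as well so that it can be reviewed; whether the server would actually hand it to a browser depends on the server's configuration.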

Securing database servers

Database servers are full-featured data store applications like Microsoft SQL Server and Oracle. (I won’t get into middle-ground applications like MySQL but some of the same concepts apply.) There are three things you need to take into consideration when securing applications that run on databases that are accessible to the Internet: physical security, virtual security, and internal security.
