How to prevent Access database downloads is an old topic, and there are many discussions online. Here I am just discussing the methods to prevent the Access database from being downloaded. Some are summarizing the previous methods, and some are original by themselves. There may be some incomplete or even incorrect aspects. Everyone is welcome to point out and make progress together.
The current solutions are mainly as follows:
1. Place the database file outside the site directory
2. Set the IIS directory permissions for storing database files to be unreadable (IIS Information Service Management -> Select the directory you need to set -> Right-click -> Properties -> Directory tab -> Cancel Read check box)
3. Adopt ODBC data source
The above three methods are classic and safe, and are suitable for situations where the server can be operated directly (because all three methods require direct operation of the server for setting). Of course, this is also a solution to prevent Access from being downloaded under the ASP platform.
There is another solution under the ASP platform, which is to add a long binary table to the database and then modify the file suffix to .asp. (For details, please refer to the corresponding data table of the Dynamic Network Forum Database)
4. Rename your Access *.asax: Because in the processing mechanism, by default, such requests are directly rejected, and there will be no problems such as the analysis process consumes resources mentioned by Sigui. According to this idea, you can actually rename Access to *.config, *.vb, *.cs, etc.
5. Place your Access in the bin directory at the root of your application (that is, the directory where you place the DLL file): It has been found that IIS is configured by default to deny direct access to files in the bin directory to protect requests for DLLs, and in fact, it also protects other files in the bin directory. However, for this method, some people have raised questions: Will there be such consequences? The assembly will be frequently refreshed when reading and writing the database, and the Session and Application will be continuously lost.
6. (Original by personal) Another method is to use .NET access rights control to achieve the purpose of prohibiting anonymous users from downloading databases, as follows:
Open the configuration file and add the following configuration section under the configuration node:
<location path="DataBase">
<>
<authorization>
<deny users="*" />
</authorization>
</>
</location>
DataBase is the directory where your database files are stored. If it is the root directory, just replace it with <locateon path="~/">. After adding the above configuration, modify the database suffix to .aspx and other file types that need to be parsed by IIS.
Because the <deny users="*" /> statement restricts any anonymous user to access all files that need to be parsed under the path path="DataBase".
Note: Whether in ASP or .NET, use FlashGet to directly change the Access database suffix to .asp and .aspx, or add "#" in front of the file name or add spaces to the file name, and use FlashGet to read it.
The current solutions are mainly as follows:
1. Place the database file outside the site directory
2. Set the IIS directory permissions for storing database files to be unreadable (IIS Information Service Management -> Select the directory you need to set -> Right-click -> Properties -> Directory tab -> Cancel Read check box)
3. Adopt ODBC data source
The above three methods are classic and safe, and are suitable for situations where the server can be operated directly (because all three methods require direct operation of the server for setting). Of course, this is also a solution to prevent Access from being downloaded under the ASP platform.
There is another solution under the ASP platform, which is to add a long binary table to the database and then modify the file suffix to .asp. (For details, please refer to the corresponding data table of the Dynamic Network Forum Database)
4. Rename your Access *.asax: Because in the processing mechanism, by default, such requests are directly rejected, and there will be no problems such as the analysis process consumes resources mentioned by Sigui. According to this idea, you can actually rename Access to *.config, *.vb, *.cs, etc.
5. Place your Access in the bin directory at the root of your application (that is, the directory where you place the DLL file): It has been found that IIS is configured by default to deny direct access to files in the bin directory to protect requests for DLLs, and in fact, it also protects other files in the bin directory. However, for this method, some people have raised questions: Will there be such consequences? The assembly will be frequently refreshed when reading and writing the database, and the Session and Application will be continuously lost.
6. (Original by personal) Another method is to use .NET access rights control to achieve the purpose of prohibiting anonymous users from downloading databases, as follows:
Open the configuration file and add the following configuration section under the configuration node:
<location path="DataBase">
<>
<authorization>
<deny users="*" />
</authorization>
</>
</location>
DataBase is the directory where your database files are stored. If it is the root directory, just replace it with <locateon path="~/">. After adding the above configuration, modify the database suffix to .aspx and other file types that need to be parsed by IIS.
Because the <deny users="*" /> statement restricts any anonymous user to access all files that need to be parsed under the path path="DataBase".
Note: Whether in ASP or .NET, use FlashGet to directly change the Access database suffix to .asp and .aspx, or add "#" in front of the file name or add spaces to the file name, and use FlashGet to read it.