Excerpted from CF Advisor, July 1999.

Be Careful in Placement of Database Files:

If you're using Microsoft Access as the datasource for a CF application, you should be very careful about where you place the database file (the .mdb file) on your web server. It's very tempting to simply place it in the same directory as the application's CF templates, but this is a potentially grave mistake. If someone can determine (or guess) the name of the file, they can download it very easily via their browser by entering a URL with that directory and file name. The risk to your data, especially any private data, is substantial!

The simple solution is to place the file somewhere else on the web server, in a directory that is not web-accessible. Keep in mind that the database needs to be accessed only by the CF server, not directly by a browser user. The datasource definition in the CF administrator can find the file anywhere on the CF server. There's no benefit, and a tremendous risk, in placing the file in a web-accessible directory.
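
One way to check a server for this mistake, as an added example that is not part of the original tip: the script walks a web root and reports every .mdb file it finds together with the URL path a browser could request. The function names, the sample directory layout and the assumption that the web root maps directly to "/" (no virtual directories) are all hypothetical.

```python
import os
import tempfile
from pathlib import Path
from urllib.parse import quote

# Access database files, as discussed in the tip; extend the set for other file types.
DB_EXTENSIONS = {".mdb"}


def find_exposed_databases(web_root, extensions=DB_EXTENSIONS):
    """Return sorted (file_path, url_path) pairs for database files under web_root.

    Assumes the web server serves web_root as "/" with no virtual directories.
    """
    root = Path(web_root).resolve()
    wanted = {ext.lower() for ext in extensions}
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            # Compare case-insensitively: Orders.MDB is as downloadable as orders.mdb.
            if Path(name).suffix.lower() in wanted:
                full = Path(dirpath) / name
                rel = full.relative_to(root).as_posix()
                findings.append((str(full), "/" + quote(rel)))
    return sorted(findings)


def build_sample_site(base):
    """Create a constructed sample layout and return its web root."""
    base = Path(base)
    web = base / "wwwroot" / "store"
    data = base / "data"
    web.mkdir(parents=True)
    data.mkdir()
    (web / "index.cfm").write_text("<cfoutput>hello</cfoutput>")
    (web / "Orders.MDB").write_bytes(b"")      # misplaced: sits beside the templates
    (data / "customers.mdb").write_bytes(b"")  # correct: outside the web root
    return base / "wwwroot"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for path, url in find_exposed_databases(build_sample_site(tmp)):
            print(f"EXPOSED {url}  ({path})")
```

Any file it reports should be moved out of the web root and the datasource definition updated to point at the new location.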

© 1998-2024, Charles Arehart, SysteManage