2. ASPRunnerPro General questions
  3. Security
This topic is locked

Security

 		1/16/2007 11:27:41 AM
ASPRunnerPro General questions
garydee author

Just a basic question guys - I've used ASPRunner for a couple of projects now just to allow clients to update a simple access database for the content on their sites.
Just wondering if how I publish my pages are secure enough and the application as a whole is pretty secure - I suppose everything is just a password away from being unsecure.
I put my databases in a private folder above the root of my sites - so its can;t be directly linked off the address bar - so its pretty secure.
I put my ASPRunn generated pages just in a normal folder off the root for example - www.domainname.com/admin
I use the username and password feature.
Is this pretty much the standard way of doing it?
Thanks in advance guys
GaryDee
Sergey Kornilov admin 1/16/2007

Yes, this is the right way to secure a database.
There are some extra steps though I believe they are optional:

  • encrypt passwords in the database
  • password-protect MS Access database itself
  • use HTTPS instead of HTTP to access your database
garydee author 1/17/2007

Yes, this is the right way to secure a database.

There are some extra steps though I believe they are optional:

  • encrypt passwords in the database
  • password-protect MS Access database itself
  • use HTTPS instead of HTTP to access your database


Thank you Sergey - but is it secure enough to leave the username and password within the commonfuntions page as is setup by default through ASPRunner?
Thanks

G
Sergey Kornilov admin 1/17/2007

commonfunctions.asp do not store any username or passwords.
garydee author 1/17/2007

commonfunctions.asp do not store any username or passwords.


Hi Sergey - maybe I'm using an older version?

But my commonfunctions.asp has the username and password within it:
cUserName = "yourusername"

cPassword = "yourpassword"
always has had...
Sergey Kornilov admin 1/17/2007

You must be using some older version of ASPRunnerpro.
Anyway your data as secure as your web server is.

If someone gets FTP access to your server you are in trouble no matter what kind of security you use.
In other case you are fine.
garydee author 1/17/2007

You must be using some older version of ASPRunnerpro.

Anyway your data as secure as your web server is.

If someone gets FTP access to your server you are in trouble no matter what kind of security you use.
In other case you are fine.


Good man Sergey - thanks for that information
Yes I must upgrade my ASPRunner version soon
Thanks for the info
G