Usually you place the Access database file 'above' the root folder of the web site so that it is not accessible through the web site using a simple URL, i.e.
The root folder for www.domain.com is..
c:\inetpub\wwwroot\domain.com\htdocs
The database file would then be located..
c:\inetpub\wwwroot\domain.com\private
ASP files cannot be 'downloaded' by the end user although I've noticed a lot of people use the extension '.inc' especially for configuration files - if an end user guesses the name of this file they can download the raw contents of this file.
Hope this helps.
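
An added example, not part of the original post: a small Python audit for the layout described above. It checks whether a database path resolves inside the web root and lists files under the web root that would be returned raw. The file names (site.mdb, config.INC, default.asp) are constructed, and the extension list is an assumption to adjust to the server's handler mappings.

```python
import ntpath
import os
import tempfile

# Assumption: extensions with no script mapping, so the server returns them raw.
RAW_SERVED = {".inc", ".mdb"}

def is_inside(web_root, target):
    """True if the Windows path `target` resolves to a location under `web_root`."""
    root = ntpath.normcase(ntpath.normpath(web_root)).rstrip("\\")
    path = ntpath.normcase(ntpath.normpath(target))
    # Compare with a trailing separator so 'htdocs_old' is not taken for 'htdocs'.
    return path == root or path.startswith(root + "\\")

def find_exposed(web_root):
    """Return web-relative paths of files under web_root that would be served raw."""
    hits = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if os.path.splitext(name)[1].lower() in RAW_SERVED:
                rel = os.path.relpath(os.path.join(dirpath, name), web_root)
                hits.append(rel.replace(os.sep, "/"))
    return sorted(hits)

def audit_sample():
    """Build a constructed site layout in a temp directory and audit its htdocs."""
    with tempfile.TemporaryDirectory() as base:
        layout = ["htdocs/default.asp", "htdocs/config.INC",
                  "htdocs/data/site.mdb", "private/site.mdb"]
        for rel in layout:
            full = os.path.join(base, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            open(full, "w").close()
        return find_exposed(os.path.join(base, "htdocs"))

if __name__ == "__main__":
    root = r"c:\inetpub\wwwroot\domain.com\htdocs"
    for db in (r"c:\inetpub\wwwroot\domain.com\private\site.mdb",
               r"C:\Inetpub\wwwroot\domain.com\htdocs\data\site.mdb",
               root + r"\..\htdocs\site.mdb"):
        print(db, "-> inside web root" if is_inside(root, db) else "-> outside web root")
    print("served raw from sample htdocs:", audit_sample())
```

The path check uses ntpath, so it evaluates Windows paths the same way on any operating system; the copy of site.mdb under private is not reported because it lies outside htdocs.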