ok quick question. i am setting up a website that uses an access database, and am curious if there is a way to prevent a user from guessing the name of the database file or some other than 'asp' file and downloading it. obviously i would not publish the file names but was curious in case someone with nothing better to do wanted to try. what do other sites do?
ASP files cannot be 'downloaded' by the end user although I've noticed a lot of people use the extension '.inc' especially for configuration files - if an end user guesses the name of this file they can download the raw contents of this file.