This topic is locked
DWMX ASP Connections and Security Issue
13 Jul 2005 19:10:07 Toby Young posted:
I have always defined my sites outside of the html folder. This way I can have my connections sit outside of the html folder as an added layer of security. Is this necessary? It is a real pain since I have to use all site root relative links and DW does not display the images properly since the root is actually different (from a browser's standpoint). I am considering defining the site root as www.domain.com/html and storing the connections folder within the html folder. Are there any security issues associated with doing so? The ASP connections show both the username and password for my SQL Server DB. Is there some workaround or better way to do this?
Thanks for your help!
tlyoung
DWMX | ASP | MsSQL
Replies
16 Jul 2005 02:42:11 paul durbar replied:
It's standard practice to include database connection details somewhere within your site's structure. The majority of apps that you download, commercial and otherwise, will have some form of config.asp page within the directory structure that contains potentially sensitive information such as database login info. To be able to access this data, though, a potential hacker will have to have already compromised your server to an extent that they can access these files - and by that stage you're knackered anyway.
So it's the only sensible way to do it really. You can, as you say, keep files outside of the site, but in most cases people are running sites off hosting providers' boxes so do not have the ability to do this. I really wouldn't worry about it; the chances of your database being cracked by someone accessing a file by this method are extremely, extremely slim.
D2 Sitelock v3.0
Sell and securely deliver downloads, paid subscription systems and website membership areas:
www.d2computing.co.uk/sitelock.htm
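A check related to the question in this thread, added here as an example and not part of the original posts: it walks a web root and lists files that hold a connection-string password but do not have an extension the server executes, so their source would be returned to a browser as plain text. The assumption that only `.asp` is executed, the file names, and the sample connection string are constructed for illustration.

```python
import os
import re
import tempfile

# Assumption: only these extensions are run by the server's script handler;
# any other file under the web root is sent to the browser unchanged.
EXECUTED_EXTENSIONS = {".asp"}

# A password attribute inside an ADO/OLE DB style connection string.
CREDENTIAL_RE = re.compile(r"\b(?:password|pwd)\s*=\s*[^;\"'\s]+", re.IGNORECASE)


def find_exposed_connection_files(web_root):
    """Return sorted relative paths of credential files served as static text."""
    exposed = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            ext = os.path.splitext(name)[1].lower()
            if ext in EXECUTED_EXTENSIONS:
                continue  # executed server-side, so the source is not returned
            path = os.path.join(dirpath, name)
            with open(path, "r", encoding="latin-1") as fh:
                text = fh.read()
            if CREDENTIAL_RE.search(text):
                rel = os.path.relpath(path, web_root)
                exposed.append(rel.replace(os.sep, "/"))
    return sorted(exposed)


def build_sample_site(root):
    """Write a constructed sample site (hypothetical names and credentials)."""
    conn = ('<%\nMM_conn_STRING = "Provider=SQLOLEDB;Data Source=db;'
            'User ID=web;Password=example"\n%>\n')
    samples = {
        "Connections/conn.asp": conn,      # executed: not flagged
        "Connections/conn.asp.bak": conn,  # editor backup: flagged
        "includes/db.inc": conn,           # include with static extension: flagged
        "index.asp": '<!--#include file="Connections/conn.asp" -->\n',
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="latin-1") as fh:
            fh.write(body)


def demo():
    """Build the sample site in a temporary directory and scan it."""
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        return find_exposed_connection_files(site)
```
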