Hi,
I have published a small website and I'm using an excel file as a database. The problem is that the excel file could be easily downloaded if its path is known !
(e.g. www.mysite.com/myexcel.xls -> opens a "save as" window)
What can I do, to protect my data.
Kind regards.
Excel is not a database - I would highly advise against this, there are many good (often even free) databases out there to use.
Using proper SQL in a real database would be a much better plan.
Your website has a "document root". That is to say, www.example.com/X.html will return the contents of something like C:\DocumentRoot\X.html. You obviously placed your Excel file in the document root directory. Solution: Move it to its own location outside the document root, and use a full path when accessing it from code.
First of all, you shouldn't be using Excel as a data store for your website. But if you have no other choice...
I'm guessing that you have a web application that manipulates the Excel file. What you can do is place the Excel file outside of the publicly accessible path. For example, if your public website is hosted at /var/www/myapp/public, and the public directory is accessible to the outside world, then you could place the Excel file in /var/www/myapp and make sure that that directory isn't served to the outside world by the web server. Your application should still be able to access the file.
As stated above, you should move it to a sub directory and if your using IIS hosting you should create a web.config in the sub directory that "denies all".
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<system.web>
<authorization>
<deny users="*"/>
</authorization>
</system.web>
</configuration>