adOpenStatic Logo
Navigation
Home
FAQ
Ken's Blog
Resources
Contact Ken
Copyright 2000 -



Structuring Your Website
When developing your web application you may wish to bear the following things in mind. Nothing, of course, can substitute for a good analysis and design process, but for many small sites such techniques are either beyond the budget, or beyond the technical ability of the client or developer.

  • Create centralised folders for re-usable content. Web designers have been doing this for quite some time with images. By centralising all images to a central /images/ (or similar) folder loading of webpages is faster for the end-user because images will be reloaded from the browser's cache. Whilst a similar rationale does not apply to Server-Side Include files, the use of a central /includes/ folder to store re-usable content means that both absolute references (<!-- #include virtual="/includes/include.asp" -->) can be used, and that SSI directive code can be "cut-n-pasted" from page to page without the need to worry about adjusting relative references.

  • Store file based databases (eg Access .mdb) files outside the website's folder structure. This will prevent attackers from downloading your database by entering http://yoursite.com/db/yourdatabase.mdb into their web browser. If you can't store the database outside the web root (eg because you are using a hosted server), then ensure that Read permission is not allowed in the IIS MMC Snapin for the folder in question. This prevents attempts to read the file via a HTTP request. Many hosting companies will provide a folder configured this way (eg /fpdb) for your use. For those using Frontpage Server Extensions, running the Security Configuration Wizard (via the IIS MMC) will automatically secure permissions on a folder named fpdb if there is one off your www root folder.

  • Centralise common information (eg database connection strings, or ADO constants). For small sites you could store your database connection string in an application variable which is initialised when the first person hits your website, by entering the following into your global.asa

    <script runat="server">
       Sub Application_OnStart
          Application("DBConnString") = _
             "Provider=Microsoft.Jet.OLEDB.4.0;" & _
             "Data Source="d:\databases\myDatabase.mdb;"
       End Sub
    </script
    >

Guide Homepage | Back | Next