Every Oochie Hosting user has the same initial file
structure. This document explains each directory in detail and offers
recommendations for placing files into certain locations for security
reasons. For the purpose of this document, the only web accessible
directory (a directory that people on the Internet can view) is the
wwwroot directory. This is the directory you will place your website
files (see \db directory information below).
\
\db
\logs
\wwwroot
\ = This is the top level directory in your website and has three
directories under it (sub-directories). While you can place files into
this directory it is not recommended you do so for organizational
purposes. This directory is not web accessible.
\db = This directory in not web accessible and was designed to store MS
Access MDB files. This is an important distinction as you wouldn't want
your database files "web accessible". Usually most people will place
any very important files into this directory. If you use the Control
Panel to create a MS Access database, it will be created here. This
does not apply to MS SQL server as the actual database files are
located on a different server.
\wwwroot = This is a web accessible directory and where you will place
your website files. As with any directory, you may create new
sub-directories under the wwwroot folder. Additionally, you can
password protect these folders as well.
Note, we DO NOT recommend that you keep database files under the
wwwroot folder - even if that folder is password protected. Should
password protection fail on that server your database may be exposed.
Naming the database something wild like "sdfveferferq.mdb" is not truly
an effective way of hiding a database either. Should Directory Browsing
fail or be accidentally enabled through you Control Panel, your
database would be exposed to the public.
If you are storing any sensitive information of a personal nature. e.g.
credit card numbers, social security numbers ect... YOU ARE REQUIRED TO
ENCRYPT THIS DATA AND ENSURE IT'S SAFETY. Not only is this our policy,
companies like Visa and MasterCard are working to require such security
measures by law.