  • Password protect your database.
  • Configure custom error pages.
  • If you reference your database using an include file, save the include file with the .asp extension rather than .inc. This prevents hackers from opening the .inc file and viewing the location of your database.
  • Save your .mdb file to the Private folder. This can be found in the root of your FTP space.
  • Use a non-descriptive name for your database and change the default extension from .mdb to .asp, .txt, .bak or similar. This will limit the possibility of a hacker locating your database through a .mdb search or brute-force dictionary attack.
  • Reduce the possibility of a hacker running an auto-detection script against your site by avoiding common folder names for any parts of your web site that link to your database. Names to avoid include: orders, admin, shop, shopper, shopping, store, cart, billing, backoffice, webshop, checkout, secure, customers.
  • Use the view options in Access to hide tables containing confidential data.
  • Encrypt your database using Blowfish (http://www.di-mgt.com.au/crypto.html)
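
A site owner can check a local copy of the web space against several of the points above before uploading it. The script below is an added example, not part of the original list; the function names are hypothetical, and it assumes the private folder is named "Private" at the root and that databases are Access 97-2003 (Jet) files.

```python
import os

# Folder names the list above says to avoid.
COMMON_FOLDERS = {"orders", "admin", "shop", "shopper", "shopping", "store",
                  "cart", "billing", "backoffice", "webshop", "checkout",
                  "secure", "customers"}
JET_MAGIC = b"Standard Jet DB"  # header string at offset 4 of a Jet .mdb file


def is_access_file(path):
    """True if the file starts with the Jet header, whatever its extension."""
    try:
        with open(path, "rb") as fh:
            return fh.read(19)[4:19] == JET_MAGIC
    except OSError:
        return False


def audit_site(root, private_dir="Private"):
    """Return sorted (issue, relative_path) findings for the tree under root."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        rel_dir = os.path.relpath(dirpath, root)
        parts = [] if rel_dir == "." else rel_dir.split(os.sep)
        # Assumption: only the top-level folder named private_dir is protected.
        in_private = bool(parts) and parts[0].lower() == private_dir.lower()
        for d in dirnames:
            if d.lower() in COMMON_FOLDERS:
                findings.append(("common-folder-name", os.path.join(*parts, d)))
        for name in filenames:
            rel = os.path.join(*parts, name)
            ext = os.path.splitext(name)[1].lower()
            if ext == ".inc":
                findings.append(("inc-include-file", rel))
            if ext == ".mdb":
                findings.append(("mdb-extension", rel))
            # Content check also catches databases that were renamed.
            if not in_private and (
                    ext == ".mdb" or is_access_file(os.path.join(dirpath, name))):
                findings.append(("database-outside-private", rel))
    return sorted(findings)
```

Run `audit_site` on the folder that mirrors your FTP space; an empty list means none of these checks fired.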