I have a website with dynamic content--using ASP/ms access. The database lives in the root of the site. So, if someone guesses the name of the .mdb file, they could download it. like:

www.website.com/database.mdb

How can I prevent that??

i'll move it out of the web virtual directory to a different directory altogether -- one outside of the web root. can also change file extension to make it a little trickier. and u can password protect the mdb so even if they do get it, they will have to crack the password too.