这两种方法都是在这个意义上，该文件将不会得到服务到远程客户端（除非您创建db文件夹虚拟路径是安全的。没有文件从网站服务通过在web.config中HttpHandlers的部分制约：

Both methods are safe in the sense that the file won't get served to a remote client (unless you create a virtual path to the db folder. Files not served from a site are governed by the httpHandlers section in web.config:

<add path="*.mdb" verb="*" type="System.Web.HttpForbiddenHandler" validate="True" />

型此处添加任何文件类型= HttpForbiddenHandler将不会投放。

Any file type added here with type=HttpForbiddenHandler will not be served.

在哪里把Access文件是品味和访问的问题。如果你把它放在你的网站，即外的DB文件夹，你将不得不设置权限你使用你的网站/应用申请帐户。 App_Data文件夹中放置它，你要走了。另外，如果你在一个托管环境是你可能不能够把你的访问文件的站点文件夹之外。

Where to put the Access file is a matter of taste and access. If you put it outside of your site i.e. in the db folder you will have to set up permissions for the application account you're using for your site/app. Placing it within the App_Data folder you're set to go. Also, if you're in a hosting environment you might not be able to place you're Access file outside of the site folder.

我的2美分：去的App_Data文件夹

My 2 cents: go for the App_Data folder.

.håkan