Database on wwwroot

Hello all,
I have Ms-Access database for checking username and password for the LOGIN page.
So it is always better to keep the database file on wwwroot folder??? what kind of security i can provide for the database. ??
and for checking the ASP pages....."script" and "execute" i have to specify...so from where i can specify this for ASp pages.
may be i'm not clear in my questions but the net savy ppl will come to know what i want exactly.
please guide me. This is my first project with ASP pages.
thanking you
NB: i Have IIS server as my web server
sachin

No, Database are always preferable to be put inside a Secure Folder. Not just at the same folder as Application.. Just check in IIS Configuaration, where you add a Folder to be available on Web. You can set it from there.

You can put the db in any folder on the system. If it's sensitive info, then you probably want to put it in a folder above the wwwroot. This way, the system can still refer to it when the asp scripts executes... but the user will not be able to 1) guess the db name and directly type the url to download it or 2) see the database name in an error message and then download it.

basically... if it's not within the wwwroot folder, then the system can get it, but nobody else can. And that's all you really need.

PS - If you are writing data to the db, this method will work too. The system will be able to write to the db.