Im building an ecommerce website. The hosting company said that its insecure because Im using an Access database. They said I could place it above the root directory so its not accessible by people. How would I do this? They also said I was using non-compliant code because of the way I was referencing the database. My line is:

connectToDB.ActiveConnection = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" + Server.MapPath("database/mydb.mdb")

What would it be if I place the db above the root folder? And how would I make this line into compliant code?