RE: Database security
From: Leff Cpl Eric E (LeffEE@1FSSG.USMC.MIL)Date: 09/19/02
- Previous message: Kurt Seifried: "Re: Restricting access to a CD-WR drive on a Win2K Server"
- Maybe in reply to: zero: "Database security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: Leff Cpl Eric E <LeffEE@1FSSG.USMC.MIL> To: "'Dominick Baier'" <db@die-lounge.com>, "'zero'" <zeroboy@arrakis.es> Date: Thu, 19 Sep 2002 08:37:44 -0700
Hi
Access does come with Table level security. Microsoft Access can
contain its own set of users, groups and passwords which all have unique
permissions. If you go to the menu bar in Access and select security,
you will see a list of security options. From there you can create
custom groups and users. You can then assign very granular levels of
permissions to specific tables, forms, queries, etc. You can specify
exactly who can read what table and how much power they have while
there.
Having said all of that, I would still suggest one of the SQL
variations. They are designed for the requirements of the work
environment. Access is best suited for SOHO use. Access has no inherent
backup utilities, nor does it have the stability or scalability that the
SQL variants have. SQL can authenticate using either it's own internal
users or it can authenticate with the OS user lists.
Unless you will be using this database in a very small office
where only a few people will be accessing your database at a time, SQL
is definitely the better way to go.
Eric
-----Original Message-----
From: Dominick Baier [mailto:db@die-lounge.com]
Sent: Tuesday, September 17, 2002 12:44 PM
To: 'zero'
Cc: focus-ms@securityfocus.com
Subject: AW: Database security
Hi,
well access and secure web application are two terms that don't go
together.
the first and main point is - access has no means of authentication
(besides that crappy password) or authorization. you can't say person x
has the right to read data from table y.
another reason against access is that you have to have some sort of file
systen connection to the access file. when the .MDB is on the same
system - a webserver compromise is enough to simply copy the whole data
per e.g. tftp to another machine. if the .MDB is on another machine you
have to have NetBIOS enabled, which is generally a bad idea.
Performance-Wise : Access is no multiuser-dbms - in a web application
you typically habe concurrent data access.
Go for a Client/Server DBMS on (physically) another machine, e.g. SQL
Server, Oracle aso
that is the only choice if you are looking security and
stability/scalability.
greets
dominick baier
ernw.de
-----Ursprüngliche Nachricht-----
Von: zero [mailto:zeroboy@arrakis.es]
Gesendet: Montag, 16. September 2002 22:27
An: focus-ms@securityfocus.com
Betreff: Database security
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi all,
I'm looking for some good reasons for not using Access 2000.
Well,
I don't like it very much but what is the difference between access and
some other databases like postgreSQL or mysql? Are they more flexible,
more
secure? Any help is welcome. The question is, is it better to use access
on
a secure web application or some other database?
Gretz
www.citfi.org
www.podergeek.com
**********************************
"The further backward you look, the further forward you can see" Winston
Churchill
"Access is GOD..."
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>
iQA/AwUBPYYweQ0R8jZM93x8EQJpeACgz3WwAQofnBs5i/iEnhdDG2aSHUUAnA0u
OZpKbSHk3oUoQJ2LG4pi9pde
=l7QR
-----END PGP SIGNATURE-----
- application/x-pkcs7-signature attachment: smime.p7s
- Previous message: Kurt Seifried: "Re: Restricting access to a CD-WR drive on a Win2K Server"
- Maybe in reply to: zero: "Database security"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
