Re: Web form w/ Access DB Security

From: Mary Chipman [MSFT] (mchip_at_online.microsoft.com)
Date: 03/16/05


Date: Wed, 16 Mar 2005 11:13:47 -0500

If security is a genuine concern, then DO NOT use an Access database.
Access was originally designed and conceived to be a desktop database
over 12 years ago, and it hasn't changed all that much in the
meantime. Its so-called security features have been hacked a long
time ago, and it does not function well as a data store for a web
application. I'd advise looking into SQL Server/MSDE as a back end for
your web app.

That being said, for Access you should be using the OleDb provider,
not ODBC. DSNs are another huge security hole since the user ID and
password are stored in clear text. You would need to grant the
appropriate ACLs to the ASPNET worker process account (Windows) on the
file share that the .mdb and .mdw reside on.

--Mary

On Wed, 16 Mar 2005 06:25:03 -0800, wwcoop
<wwcoop@discussions.microsoft.com> wrote:

>I am deploying a web form developed in VB.NET
>using an OleDB connection to an Access DB.
>I am able to deploy the app with the DB residing
>in the same folder to the web server and get it
>running.
>
>I now want to change the configuration so that
>the DB does NOT reside anywhere in the web
>directory. (For security reasons.)
>
>I tried setting up a DSN in the ODBC Data Source
>Administrator, however I now know that
>Visual Studio does not support use of a DSN in
>the IDE (at least not comprehensively)--
>you have to use a code behind which
>can be rather nasty.
>( See http://www.developerfusion.com/show/3581/ )
>
>Question: How would I access this DB if it is on another
>computer on the same network? OR, can I put the DB
>outside of the web directory on the web server and
>still be able to access it? What configuration should I
>use?
>
>Thanks!
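
Added example (not part of the original thread, and not code from either poster): one way to open the .mdb through the OleDb provider while keeping both the .mdb and the .mdw outside the web directory, as the reply above recommends. The appSettings keys "AccessDbPath" and "AccessMdwPath" and the class name are assumptions made for illustration; credentials for the workgroup file are left out.

```vbnet
Imports System
Imports System.Configuration
Imports System.Data.OleDb
Imports System.IO
Imports System.Web.Hosting

' Added example. "AccessDbPath" / "AccessMdwPath" are hypothetical appSettings keys
' holding absolute paths (local or UNC) to the .mdb and .mdw files.
Public NotInheritable Class AccessDb
    Private Sub New()
    End Sub

    ' True when candidate is the root folder itself or lies anywhere beneath it.
    Public Shared Function IsUnderRoot(ByVal candidate As String, ByVal root As String) As Boolean
        Dim sep As String = Path.DirectorySeparatorChar.ToString()
        Dim c As String = Path.GetFullPath(candidate).TrimEnd(Path.DirectorySeparatorChar) & sep
        Dim r As String = Path.GetFullPath(root).TrimEnd(Path.DirectorySeparatorChar) & sep
        Return c.StartsWith(r, StringComparison.OrdinalIgnoreCase)
    End Function

    ' Refuses relative paths and any file that sits inside the web application folder.
    Public Shared Function BuildConnectionString(ByVal mdbPath As String, _
            ByVal mdwPath As String, ByVal webRoot As String) As String
        For Each p As String In New String() {mdbPath, mdwPath}
            If Not Path.IsPathRooted(p) Then
                Throw New ConfigurationErrorsException("Database path must be absolute: " & p)
            End If
            If IsUnderRoot(p, webRoot) Then
                Throw New ConfigurationErrorsException("Database file is inside the web directory: " & p)
            End If
        Next
        Dim b As New OleDbConnectionStringBuilder()
        b.Provider = "Microsoft.Jet.OLEDB.4.0"        ' OleDb provider, no DSN involved
        b.DataSource = mdbPath
        b("Jet OLEDB:System database") = mdwPath      ' workgroup (.mdw) file
        Return b.ConnectionString
    End Function

    ' Opens the connection under the identity of the ASP.NET worker process.
    Public Shared Function Open() As OleDbConnection
        Dim cs As String = BuildConnectionString( _
            ConfigurationManager.AppSettings("AccessDbPath"), _
            ConfigurationManager.AppSettings("AccessMdwPath"), _
            HostingEnvironment.ApplicationPhysicalPath)
        Dim conn As New OleDbConnection(cs)
        conn.Open()
        Return conn
    End Function
End Class
```

The path check only covers the application's own physical folder, so a database folder that is separately mapped as an IIS virtual directory would not be caught. The worker process account needs modify rights on the folder itself, not just the files, because Jet creates its .ldb lock file next to the .mdb.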


