web-enable application for SQL Server 2000 MS Access 2000 front-end

---

• From: "Hannah McCarthy" <u27872@uwe>
• Date: Sat, 14 Oct 2006 13:25:39 GMT

---

Hi,

I have been asked by a friend to create a web application to be accessed by
her salespeople when they are out on the road. Current setup is an SQL Server
2000 on Windows 2000 platform with MS Access front-end. She wants the sales
guys to be able to get uptodate information on appointments, pricing and
products by logging into the website, etc. In-house that data is available
thru the MS Access front-end. What is the best technology to use for this.
She hosts her website on her own server, separate and not connected to the
SQL Server 2000.

I am a newbie to all of this, so please bear with me ...

Question 1) What is the best technology to use for this. Considering that the
website is also hosted on a Windows platform, would ASP.NET be the most
suitable ?

Question 2) I now have to access the data held on the SQL Server 2000,
therefore exposing the server to the outside world. What security measures do
I have to implement as a developer to eliminate/minimize risk of hackers
getting access to the data.

Question 3) Can I take it that a database administrator would have to setup
everything surrounding security, i.e. suitable user access, firewalls, etc. I
have noticed that they have a trusted connection setup from Access to the SQL
Server 2000 to obtain data. But that's OK I guess since it is only within
their own network (Maybe you can contradict me if I am lulled into a false
sense of security ...).

Question 4) Would you advocate for an SSL certificate to be installed on the
web server ?

Question 5) What would I have to implement in my coding for the database
connection to ensure that the system is secure.

Question 6) To prevent SQL injection would it be sufficient to incorporate
stringent validation for any of the test field in forms ?

Any help is greatly appreciated

Regards

Hannah

.

---

• Follow-Ups:
  • Re: web-enable application for SQL Server 2000 MS Access 2000 front-end
    • From: nigelrivett

• Prev by Date: Re: Adding Permissions
• Next by Date: Re: How to change the 'sa' password
• Previous by thread: Re: Adding Permissions
• Next by thread: Re: web-enable application for SQL Server 2000 MS Access 2000 front-end
• Index(es):
  • Date
  • Thread

---

Relevant Pages Re: hack using xp_cmdshell ... I'm no security expert, so please forgive if I'm not using the right ... install SQL Server in Windows Only mode and then Switch down to Mixed mode, ... Is the SQL Server instance a default instance? ... > port 65300, which has never been open on my firewall. ... (microsoft.public.sqlserver.server) Re: Why is SQL Server account used? ... > have a security monitoring application that monitors security across the ... > enterprise (Windows server, Unix servers and mainframes) and uses SQL ... Tibor Karaszi, SQL Server MVP ... (microsoft.public.sqlserver.server) Re: Install of SMS not detecting Active Directory ... admin on SMS server and using remote SQL server) but I had used the same ... setup runs in the context of the logged on user and not the ... >> installation fails immediately after answering the options with an error ... (microsoft.public.sms.setup) Re: how to allow creation of databases ... I already setup the security configuration as you mentioned. ... > find it easier to use standard SQL security rather than Windows ... You can configure SQL Server to use both authentication ... (microsoft.public.sqlserver.security) Linked Server Confusion - I dont know where to start... ... I have a Microsoft SQL Server 2005 installed in mixed mode (NT ... security plus standard SQL security). ... I should tell you that I do not have a Windows 2000 or Windows ... (microsoft.public.sqlserver.security)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > microsoft.public.sqlserver.security  > 2006-10