Hello,

I'm trying to make an access 2000 database secure. The access database is on a secure server (https. An asp page calls it and adds info to it. I know thru the connection, in asp, you can identify the admin name and password but how do you go about attaching that info to the database in the first place? Is it through the access program or is it through the server?

Also if anyone knows of a good reference on "Access Database Security over the Internet", please pass the info on.

Thanks
Jess

Access isn't the best DB to use for the Internet. It doesn't allow for the kinds of concurrent users the Internet can attract. You may have problems if you continue with Access instead of SQL Server or another DB solution.

If you're bent on using Access, but want to secure it, you need to create a DSN for it. That way you can put the DB off of the web server, but still access it. So you want to have a computer that will host the DB, then create a DSN on that computer, then change your ASP code to access the DB through the DSN instead of a file path..

Here's another thread with some info about DSN's:

http://dbforums.com/showthread.php?threadid=913785

If you have admin access to the server, use DSN. Copy the DB to the server in a secure directory. Then, on Win2000/XP, go to Contol Panel>>Admin Tools>>Data Sources and declare the type of data source, location, etc. You can then issue your commands very easily from the ASP. If you want to secure the database even more, there are options, I believe when you set up the DSN. This works great unless your host requires hard coded paths, but the commands are the same, AFAIK. I have a site running on a host where the domain root contains a 'db' and 'www' directory. A drive path maps to the db directory where the *.mdb files are kept. The nice thing about that is that it is not a public folder. But if I have my choice, I find DSN easier to deal with.

I'm using the DSN-Less method and right now the
UID=Admin but the PWD="" blank
I would like to put something in the PWD so not anyone can make a call into it. I know how to code it in on the asp sheet but how do I create a password on the system side?

Jess

Our suggestion is to go with a DSN instead if a DSN-less connection.. then you do not need a password on the system side, but is still secure.

I started out with a DSN connection but my web provider has suggested that I use the DSN-Less connection type.

So I'm still in search of how to set up the password for the UID=Admin.

You can't... you can supply the UID for the DB, but not the File System. DSN-less works great if you are using a SQL Server, but not so well for Access DBs since you leave your DB exposed. If your stuck with Access, then stick the DB in a non-browsable directory. Just make sure that the IIS anonymous user (IUSR) has access to it.