Results 1 to 7 of 7
  1. #1
    Join Date
    Sep 2003
    Posts
    3

    Unanswered: Securing Access DB on Internet

    Hello,

    I'm trying to make an access 2000 database secure. The access database is on a secure server (https. An asp page calls it and adds info to it. I know thru the connection, in asp, you can identify the admin name and password but how do you go about attaching that info to the database in the first place? Is it through the access program or is it through the server?

    Also if anyone knows of a good reference on "Access Database Security over the Internet", please pass the info on.

    Thanks
    Jess

  2. #2
    Join Date
    Jul 2003
    Location
    SoCal
    Posts
    721
    Access isn't the best DB to use for the Internet. It doesn't allow for the kinds of concurrent users the Internet can attract. You may have problems if you continue with Access instead of SQL Server or another DB solution.

    If you're bent on using Access, but want to secure it, you need to create a DSN for it. That way you can put the DB off of the web server, but still access it. So you want to have a computer that will host the DB, then create a DSN on that computer, then change your ASP code to access the DB through the DSN instead of a file path..

    Here's another thread with some info about DSN's:

    http://dbforums.com/showthread.php?threadid=913785
    That which does not kill me postpones the inevitable.

  3. #3
    Join Date
    Sep 2003
    Location
    Ohio
    Posts
    7

    Use DSN if you can

    If you have admin access to the server, use DSN. Copy the DB to the server in a secure directory. Then, on Win2000/XP, go to Contol Panel>>Admin Tools>>Data Sources and declare the type of data source, location, etc. You can then issue your commands very easily from the ASP. If you want to secure the database even more, there are options, I believe when you set up the DSN. This works great unless your host requires hard coded paths, but the commands are the same, AFAIK. I have a site running on a host where the domain root contains a 'db' and 'www' directory. A drive path maps to the db directory where the *.mdb files are kept. The nice thing about that is that it is not a public folder. But if I have my choice, I find DSN easier to deal with.

  4. #4
    Join Date
    Sep 2003
    Posts
    3

    Re: Use DSN if you can

    I'm using the DSN-Less method and right now the
    UID=Admin but the PWD="" blank
    I would like to put something in the PWD so not anyone can make a call into it. I know how to code it in on the asp sheet but how do I create a password on the system side?

    Jess

    Originally posted by McFrisch
    If you have admin access to the server, use DSN. Copy the DB to the server in a secure directory. Then, on Win2000/XP, go to Contol Panel>>Admin Tools>>Data Sources and declare the type of data source, location, etc. You can then issue your commands very easily from the ASP. If you want to secure the database even more, there are options, I believe when you set up the DSN. This works great unless your host requires hard coded paths, but the commands are the same, AFAIK. I have a site running on a host where the domain root contains a 'db' and 'www' directory. A drive path maps to the db directory where the *.mdb files are kept. The nice thing about that is that it is not a public folder. But if I have my choice, I find DSN easier to deal with.

  5. #5
    Join Date
    Jul 2003
    Location
    SoCal
    Posts
    721

    Re: Use DSN if you can

    Originally posted by jess
    I'm using the DSN-Less method and right now the
    UID=Admin but the PWD="" blank
    I would like to put something in the PWD so not anyone can make a call into it. I know how to code it in on the asp sheet but how do I create a password on the system side?

    Jess
    Our suggestion is to go with a DSN instead if a DSN-less connection.. then you do not need a password on the system side, but is still secure.
    That which does not kill me postpones the inevitable.

  6. #6
    Join Date
    Sep 2003
    Posts
    3

    Re: Use DSN if you can

    I started out with a DSN connection but my web provider has suggested that I use the DSN-Less connection type.

    So I'm still in search of how to set up the password for the UID=Admin.

    Originally posted by Seppuku
    Our suggestion is to go with a DSN instead if a DSN-less connection.. then you do not need a password on the system side, but is still secure.

  7. #7
    Join Date
    Jul 2003
    Location
    SoCal
    Posts
    721

    Re: Use DSN if you can

    Originally posted by jess
    I started out with a DSN connection but my web provider has suggested that I use the DSN-Less connection type.

    So I'm still in search of how to set up the password for the UID=Admin.
    You can't... you can supply the UID for the DB, but not the File System. DSN-less works great if you are using a SQL Server, but not so well for Access DBs since you leave your DB exposed. If your stuck with Access, then stick the DB in a non-browsable directory. Just make sure that the IIS anonymous user (IUSR) has access to it.
    That which does not kill me postpones the inevitable.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •