vb123.com

Garry Robinson's Popular MS Access, Office and VB Resource Site

  

Home  Contact Us
Order our Software


 Smart Access 
The Magazine that Access Developers loved to read and write for is back Read More

RSS & Newsletter  
Join our XML/RSS Newsfeed or sign up for our informative newsletter on Office Automation, Access and VB topics
Read More

Get Good Help
If you need help with a database, our Professionals could be the answer
Read More

  Is Your Database Corrupt ?
If you have a corrupt database, Try our Access Recovery service

The Workbench  Find out who has your database open, start the correct version of Access, easy compacting and backups, change startup options, mde compile,  shutdown database Read and Download

Access >>> SQL 
Upsize to SQL Server 2005 or 2008, easily repeated conversions, highly accurate SQL query
translation and web form conversion.
Read More

The Toolbox
Libraries of software that we regularly import into our projects. This is a newer version of the Toolshed More..

 

SharePoint
For our company file sharing and task management, we use
SharePointHosting
Datamining/Graphs
Explore your data with this versatile graphing and data mining shareware tool.  Read More

DryToast 
Backup and query your BaseCamp® projects
Read More

Garry's Blog
Find out a few other things that Garry has been writing about Microsoft Access. Read more

Like FMS Products?
Purchase them from us and get a free Workbench or Toolbox  More

Smart Access is Back
We have recently purchased exclusive rights to the Smart Access magazine

About The Editor Garry Robinson writes for a number of popular computer magazines, is now a book author and has worked on 100+ Access databases. He is based in Sydney, Australia
Contact Us ...

Search ...

or try our new site built with SharePoint Designer
 vb123.com.au
 

 
Next Tip  Access Database Security On The Web   (Part 1)  

After working with Active server pages for a while, I went to the server and typed in the path  to the database say http://www.gr-fx.com/database/northwind.mdb and the database started downloading to my local machine.  Anyone could do this.   So here was a question I put to my service provider

"Once you have transferred a Access database to an ASP site, what do you have to do to ensure that the database cannot be downloaded to someone elses site. Naturally I still need the visitors to read the database. Is this a case of only put on the site what you are happy to lose or is there some file protection settings that can be applied. By transferred I mean you type in the usr of the database say in the browser and it simply downloads as a file. Naturally the answer is fairly important."

And they answered as follows

"As the anonymous user needs access to the database for the asp pages to work this also gives them the ability to download the database IF they know the path to it. The only secure way is using Microsoft SQL server."

So what does this tell me given that I am not about to use SQL server yet.   Firstly make sure that the database is not easy to find on the server by the following techniques.
bulletMake sure that the directory that the database is in does not have directory listing authority for anonymous users.
bulletName the database directory something fairly obscure and maybe even the filename not *.mdb.   (check with your ISP before you do this)
bulletOnly put on the web what you are willing to sacrifice
bulletIn the directory where the database is, place a file called default.htm.  This will cause most browsers to open on this file rather than give a directory listing.

"Advanced Paranoid Users Article"

Click Here For for advice on secure databases as in this Microsoft Knowledge Base Article which is summarised below.   

There are three main steps to using ASP files to query a secure Microsoft Access database:

- Use ODBC Administrator to create a System DSN that points to the workgroup information file (System.mdw) you use with your secured database.

- Create an HTML form that requests a username and password. The HTML form passes the values to parameters in your ASP file.

- Modify the script in the ASP file to use the HTML form to request the username and password parameters in order to authenticate user access to your database.

Garry Robinson  - Sydney Based Consultant.
 

Links >>>  Home | Search | Workbench | Orders | Newsletter | Access Security | Access professionals