vb123.com

Garry Robinson's Popular MS Access, Office and VB Resource Site

 

About The Editor: Garry Robinson writes for a number of popular computer magazines, is now a book author and has worked on 100+ Access databases. He is based in Sydney, Australia.

Access Database Security On The Web (Part 2)

Alistair Hamilton from Beta-microSolutions came up with more information, and the ISP quickly amended its settings to stop the possible download of the database. This is summarised as follows.

Permissions: The Required Settings For IIS

Directory:                 R W D (Special Directory Permissions)
File Permissions for MDB:  R W D (Special File Permissions)
The directory in IIS:      Disable read access

The Microsoft Knowledge Base Article is not going to stop the file being downloaded. It simply incorporates Access security mechanisms and makes them available over the Net.

The statement from your ISP is incorrect. The anonymous Web user account on the ISP server needs file system read and write permissions to the database directory and file. This is necessary to allow records to be read and written to the database by the user through asp and ODBC. The reason that your file is being downloaded is because your ISP has left your database file directory Web permissions set to read (as opposed to file permissions). It's this that causes the file to be downloaded when you enter the full URL.

Just to reiterate, the database file and its directory should have file system access permissions to allow reading and writing to/from the database. (The directory needs read/write permissions because ODBC needs to be able to create and access the LDB file). Web read/write permissions should NOT be allowed within the Web Server software for the database directory.

Though the four suggestions you make are correct and eminently sensible, can I make the following additional suggestions?

Do NOT allow directory browsing or indexing of the directory. (The same applies to any asp folder). On our Intranet server, we also disable web read permissions for the asp folder. (At the time of writing I haven't checked if our ISP has set this). Our understanding is the anonymous user does not need read web access to this, only script or execute access, as the process is run internally by the server software - as long as execute/script permissions are enabled of course. (It works for the asp scripts we use on our Intranet, which are primarily modified MS FrontPage Database Region Wizard generated scripts. Unless there is something peculiar to the way FrontPage Server Extensions and ASPs are run by MS Internet Information Server, I see no reason why this would be different for scripts produced using some other method).

This information is based on my knowledge of MS Windows NT Server and MS Internet Information Server which is used by both us and our ISP. Whilst I see no reason why this information wouldn't be applicable to other systems, I cannot vouch for that.




Alistair Hamilton
Beta-microSolutions
www.beta-microsolutions.co.uk
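
A check a site owner can run after the web read permission on the database directory has been changed, added here as an example and not part of the original tip: it requests the full URL of the database and reports whether the web server still serves the file. The function names and the URLs passed on the command line are assumptions; the signature test relies on the fixed header that Jet (.mdb) and ACE (.accdb) files start with.

```python
"""Added example: confirm an Access database under a web site is not downloadable."""
import sys
import urllib.error
import urllib.request

# Access database files begin with 00 01 00 00 followed by one of these strings.
JET_MAGICS = (b"\x00\x01\x00\x00Standard Jet DB", b"\x00\x01\x00\x00Standard ACE DB")


def classify(status, body_prefix):
    """Classify one HTTP response to a direct request for the database URL."""
    if status in (200, 206):
        if body_prefix.startswith(JET_MAGICS):
            return "EXPOSED"   # web read permission is still on: the file is served
        return "REVIEW"        # something was served; inspect it by hand
    if status in (401, 403, 404):
        return "BLOCKED"       # the web server refused to hand out the file
    return "REVIEW"            # unexpected status, e.g. a server error


def check_url(url, timeout=10):
    """Ask for only the first 32 bytes of the file and classify the answer."""
    req = urllib.request.Request(url, headers={"Range": "bytes=0-31"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read(32))
    except urllib.error.HTTPError as err:   # 4xx/5xx responses arrive as exceptions
        return classify(err.code, b"")


if __name__ == "__main__":
    if len(sys.argv) > 1:
        for target in sys.argv[1:]:          # full URL(s) of your own database file
            print(target, check_url(target))
    else:
        # Constructed sample responses, so the logic can be seen without a network.
        print(classify(200, JET_MAGICS[0] + b"\x00" * 13))   # EXPOSED
        print(classify(403, b""))                            # BLOCKED
```

The file system permissions are untouched by this check: the ASP pages should keep working through ODBC while the direct URL reports BLOCKED.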
