Access back end with asp, need security 2

Status
Not open for further replies.

krizsy

Technical User
Apr 28, 2004
11
US
We have an Access 2003 database that includes sensitive information. We use ASP as the frontend.

The database should be accessible by only one domain admin and needs to be secure from all other access by everyone else.

- Setting permissions on the DB to just the domain admin won't work because other domain admins could apply permissions and then open it

- We could set a password on the database but then how do we pass the password to the DB from the ASP front end without sending the password in clear text? = THIS IS THE KEY QUESTION

- We can't upsize to SQL because then other SQL admins could set permissions and then view the database
 
secure the folder in which the db sits...

consider limiting to IP address of main user...


Bastien

Cat, the other other white meat
 
If you really want security then secure it with a Workgroup. There are code snippets all over the web for cracking MSAccess password protection.

Connection string examples courtesy of Able Consulting
If MDB has a database password:
Code:
oConn.Open "Provider=Microsoft.Jet.OLEDB.4.0;" & _
           "Data Source=c:\somepath\mydb.mdb;" & _ 
           "Jet OLEDB:Database Password=MyDbPassword", _
           "myUsername", "myPassword"
If using a Workgroup (System Database):
Code:
oConn.Open "Provider=Microsoft.Jet.OLEDB.4.0;" & _
           "Data Source=c:\somepath\mydb.mdb;" & _ 
           "Jet OLEDB:System Database=MySystem.mdw", _
           "myUsername", "myPassword"
 
You could use an encryption object, encrypt the password to the DB, encase the encrypted value in an application variable (global application_onstart), then refer to and decrypt this password in the ASP pages as needed. Since in the ASP pages it would look like decryptobject(application("DbPass")), it would be hard to figure it out from a single ASP page, and even if they got ahold of the global it'd be application("dbpass") = "GWnrTs;|safh2"

Granted, the people on the network could always make themselves an ASP page with a response.write Decryptobject(application("dbpass")) and get around this, but...

If this is really sensitive information and there's paranoia about accessibility, throw up a dinky little old Pentium machine, install NT4 or Win2k and web services on it (I would assume this is in house only), and make the security issue be getting INTO that one machine alone. Use virtual routing to the other machine so that this one portion of the site is located on a single protected machine, instead of trying to protect a small portion of the site.

I guess this could be done with a virtual folder with Windows permissions set, so that the pages, the DB and everything are housed in a smaller secure environment, but I don't believe this would be as effective.
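
An audit check for the pattern discussed in this thread, as an added example that is not code from any poster: it scans ASP source for Jet connection credentials written as string literals, using the connection strings quoted above as constructed sample input. `DecryptObject` and the `Application("DbUser")` / `Application("DbPass")` names are hypothetical, modelled on the last reply's suggestion.

```python
import re

# Constructed sample: the thread's two connection strings as they would sit in
# an .asp page; the second takes its credentials from Application variables.
SAMPLE_ASP = r'''<%
Set oConn = Server.CreateObject("ADODB.Connection")
oConn.Open "Provider=Microsoft.Jet.OLEDB.4.0;" & _
           "Data Source=c:\somepath\mydb.mdb;" & _
           "Jet OLEDB:Database Password=MyDbPassword", _
           "myUsername", "myPassword"
oConn2.Open "Provider=Microsoft.Jet.OLEDB.4.0;" & _
            "Data Source=c:\somepath\mydb.mdb;" & _
            "Jet OLEDB:System Database=MySystem.mdw", _
            Application("DbUser"), DecryptObject(Application("DbPass"))
%>'''

CONCAT = re.compile(r'"\s*&\s*"')      # "a" & "b" -> one string literal
DB_PASSWORD = re.compile(r'Jet OLEDB:Database Password=[^;"]+', re.I)
OPEN_CALL = re.compile(r'\.Open\s+"[^"]*"\s*,\s*([^,\n]+?)\s*,\s*([^\n]+)', re.I)
LITERAL = re.compile(r'^"[^"]+"$')     # an argument that is a bare string literal

def logical_statements(source):
    """Yield (first_line_number, statement) with VBScript ' _' continuations joined."""
    buf, start = "", None
    for n, line in enumerate(source.splitlines(), 1):
        start = start or n
        stripped = line.rstrip()           # tolerate spaces after the underscore
        if stripped.endswith((" _", "\t_")):
            buf += stripped[:-1]           # drop the underscore, keep reading
            continue
        yield start, buf + stripped
        buf, start = "", None
    if buf:
        yield start, buf

def find_hardcoded_credentials(source):
    """Return (line_number, finding) for each credential written as a literal."""
    findings = []
    for line_no, stmt in logical_statements(source):
        stmt = CONCAT.sub("", stmt)        # merge adjacent string literals
        if DB_PASSWORD.search(stmt):
            findings.append((line_no, "literal Jet database password"))
        call = OPEN_CALL.search(stmt)
        if call:
            for role, arg in zip(("user name", "password"), call.groups()):
                if LITERAL.match(arg.strip()):
                    findings.append((line_no, "literal %s argument to Open" % role))
    return findings
```

A clean result only shows that the secret is no longer written in the page source; it says nothing about who can read it at runtime inside the same application.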
 