1. If your db is file based (like MS Access) make sure it is not in a URL addressable area, to prevent unauthorized download.
2. Use asp to restrict access to the actual web app, i.e. if the user's not already logged in, redirect to/display login.
3. In the asp code that accesses the db, make sure you check for field lengths, single quotes, etc. and handle them appropriately to prevent accidental or purposeful harm to the db.
4. If you're serious about security, pipe all of this through a secure channel, i.e. https:// via SSL to prevent the compromise of your users' login credentials.
Do all this, and you'll be pretty secure. On the web, nothing is 100% hack proof, but this will get you close.