Securing ACCESS with ASP Pages

[dsk525]

Hi All,

I have an ASP website with Microsoft Access database as the back end. All the usernames / passwords are stored in a table. I would like to find out what are my options of securing the Access database so that no one can hack into it and modify usernames/passwords.

Thank you in advance.

 

[psemianonymous]

You might want to ask this question on the ASP forum, but I'll answer it as much as I can:

1. You have to protect your web pages from SQL injection attacks. Google 'sql injection' or ask on the ASP forum as to how to prevent this.

2. You can't put the database in a web-accessible folder. i.e. you shouldn't be able to type httpetc://

http://www.yoursite.fake/backend/db1.mdb

and get your database.

3. Do you need to protect the database from anyone INSIDE the corporate firewall? This is just common sense, but don't allow anyone access to your database file that shouldn't have any.


I wrote a generalized FAQ about Access security, but it is entirely dedicated to Access applications over a local network, not over the web.

Gauging your security needs; alternatives to Access/JET security faq181-3893


Pete