How secure is MSAccess?

  • Thread starter Thread starter VB Programmer
  • Start date Start date
V

VB Programmer

I am creating a new ASPX web app. I would like to use MS Access, but am
concerned about security. There will be alot of secure info in this db
(credit cards, passwords, client info, etc...) Is Access secure enough or
should I just go with MS SQL Server? I like the portability of the MDB.

Also, any good links/suggestions on how to secure your db interactions (ie
ConnectionString in web.config, passwords/credit card info in tables,
etc....)

Thanks!
 
Mixing portability with security?!?!?!

Go with MSDE instead (the free version of SQL-Server but limited to 2Gg for
the size of the database).

S. L.
 
¤ I am creating a new ASPX web app. I would like to use MS Access, but am
¤ concerned about security. There will be alot of secure info in this db
¤ (credit cards, passwords, client info, etc...) Is Access secure enough or
¤ should I just go with MS SQL Server? I like the portability of the MDB.
¤
¤ Also, any good links/suggestions on how to secure your db interactions (ie
¤ ConnectionString in web.config, passwords/credit card info in tables,
¤ etc....)

As a data store it isn't the most secure. In addition, if this is a multi-user application then I
would also recommend SQL Server instead.


Paul ~~~ (e-mail address removed)
Microsoft MVP (Visual Basic)
 
If you could get to the SQL.dat file could you not just bring it right into
an existing sql server and read the data directly?

Both options would require direct access to the data file.

I guess I am just thinking outloud.
 
If you could get to the SQL.dat file could you not just bring it right into
an existing sql server and read the data directly?

Both options would require direct access to the data file.

I guess I am just thinking outloud.
 
Yes, you are right.

However, the SQL-Server being run as a service, you can protect its data
files either by restricting their access to another account, or even better,
by putting the SQL-Server on another machine. In this way, these data files
can be highly protected while keeping access to the data from your
application. With a good configuration, the datas can even be protected
from the peeking eye of a local technician width administrative rights on
the machine.

But with Access, your application must have a direct access to the whole mdb
file; thus greatly enhancing the possibility of someone getting a way to
copying the whole file. An hacker or a local administrator can easily copy
the file and get an easy access to the credit card informations.

S. L.
 
Access is not secure at all. You will have to do it with standard
operating procedures.

You can start with limiting physical access to the machine (limited
access area).
Keep database files out of network shares and not under wwwroot directory.
Use strong passwords for everything.
Keep the server patched.
Limit access to backup tapes/files/media.
Don't store or hardcode passwords.
 
Back
Top