Is an Access 2007 db Secure enough for a Corporate server?

  • Thread starter Thread starter Billiam
  • Start date Start date
B

Billiam

I am concerned that an Access 2007 db is not secure enough and that you
should use MySQL or Oracle. Is this true and why?
 
Billiam said:
I am concerned that an Access 2007 db is not secure enough and that
you should use MySQL or Oracle. Is this true and why?

If you are concerned about securing a file-based system like Access/Jet from
*non-users* then you protect it with network security, not Access security.
If you are worried about securing data from *users* of the file then yes,
you are better of with a server database engine. No file-based system will
be as secure as a server-based system.
 
Access 2007 uses Windows Security. Is Windows Security secure
enough for you? If not, you should not use Windows.

Windows Security does not give you record-level security. Do you
need record-level security? i.e. some people can see some data,
other people only see other data? If you need record-level security,
you need an additional record-level security system.

The record-level security system in MDB files is very old, does
not use Windows Security, and is not secure. If you need secure
record-level security, you should use MS SQL Server (or MySQL
or Oracle, but only if you already use those systems) with Access.

The role-based security system in Access is also very old,
does not use Windows Security, and is not secure. If you need
secure role-based security, you should not use Access. You
should use C++ or C# or VB.net, so that a connection can
be associated with certificate. If you use Access, there is no
secure way to prevent a user from using Excel to do anything
that the same user can do in Access.

Access is just as secure as your corporate server is. It does not
make your corporate server less secure. It does not add any
new security features to your corporate server.

If you need new features, you need to add a new service that has
the new features. Adding a new service, or a new server, is
automatically less secure. Adding a new Oracle or MySQL server
will give you a new security weakness, will not make you more
secure, but will give you new things you can do.

If you need to securely do things that Access cannot securely do,
you need to a new service to do those things. It is not about if
Access/Windows is secure enough: Windows 3.1 was not secure.
Windows 98 was not secure. Windows Server 2003 is secure if
you secure it.

Word doc files on your corporate server are secure enough if
properly secured, but may not have all the database features
you want. Email files on your corporate server are secure enough
if properly secured, but may not have all the database features
you want. XLS files on your corporate server are secure enough
if properly secured, but may not have all the database features
you want. MDB files on your corporate server are secure enough
if secured properly, but may not have all the database features
you want. MSACCESS.exe on your workstation using Oracle
is secure enough if properly secured, but may not have all the
database features you want.

In particular, secure record-level access control is not available
with MDB files: (insecure record-level access control is available),
and secure role-based access is not available with MSACCESS
(insecure role-based access control is available). Secure table-
level access control is difficult to implement, and would also be
a reason for choosing Access with MySQL/Oracle/SQL Server
instead of Access with MDB.

(david)
 
Thanks for your great reply, David. If I understand you correctly, our access
2007 data should be okay on a properly secured microsoft Small business
server network from *non-users*--from the internet, for example. We are not
concerned about our very small group of users (although I am sure many think
this is foolish!).


Billiam
 
I agree. Committing anything to paper - or to computer - is always
a security risk, but if your Oracle Server is more secure than your
File Server, you've got something set up wrong.

(david)
 
Back
Top