Okay, About every month someone asks "How do I protect my Access database? Experienced developer's always suggest placing the database outside of the web root. Most developers suggest that you get a real Relational Database Management System :). Well there is a bug in the system that can be taken advantage of if you can't do either of the above First of all I did this using a DSNless connection to Access2000, win2kserver, IIS5. It has also been tested on IIS4 and works flawlessly DRIVER={Microsoft Access Driver (*.mdb)}; DBQ=\\nas2.orcsweb.com\aspfree.com$\authors\carl_mcdade\db1.asp
|
Notice anything strange about the above connection string? The file extension is *.asp rather than the usual *.mdb. The next step is to use the database encryption tool in Access. Why do this? Well just changing the extension name to *.asp will jumble the contents of the db. But a lot of it is still ledgible. If you are trying to protect passwords then one or more will be visible.This is because the web browser opens and tries to read the faked ASP file. Encrypting the file will stop any other program with the exception of Access and ASP code from reading the file. The database unencrypted. After encryption you will get an ASP tags not found error. Step_By_Step: - Encrypt the database
- Rename the file from *.mdb to *.asp
- Use a DSNless connection to connect to the database file.
Some Facts
- One might try "save target as" the file then remove the encryption. In all cases both Netscape and Internet Explorer refused to do this.
- The db cannot be downloaded because since the ASP file does not really exist. The visitor gets the standard IIS5 error page and no url. In the case of IIS4 one may get a code error message:
Active Server Pages error 'ASP 0116'
Missing close of script delimiter /mcdade/db1.asp, line 4
The Script block lacks the close of script tag (%>). - The dsnless connection to the db file still works regardless of the file extension used in the connection string. This is a bug in the system but it is a useful one.
- Using encryption on a MS Access database slows down the database by 15%, according to Microsoft
- Using script tags within the database records seems to have no effect on the protection system. Because encryption does not allow the file to be read by any program other than MS Access
Neat trick huh?.
|
|
| DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware. |
More Microsoft Access Articles
More By Carl_McDade  developerWorks - FREE Tools!
|
Hear how IBM Rational Project and Portfolio Management integrated solutions help teams put the right tools and processes in place to maximize the effectiveness and efficiency of project teams and ensure that the business vision is being executed correctly. Learn how to automate and integrate requirements prioritization, top-down project planning, communications and controls, and methodology deployment to keep your scope, costs, and schedules under control. Tackle with an end-to-end approach the management of scope and scope changes, usage of methodology to control and empower project teams, and optimization of resources to align activity costs with the overall project plan.
FREE! Go There Now!
| | | |
You probably have thousands of lines of COBOL code loaded with business intelligence and being used to run your business, along with an army of developers maintaining these applications. Learn how to prepare your applications and developers so you can keep that competitive edge and move to a service-oriented architecture with the IBM Rational Enterprise Modernization solutions. Replay is available for 9 months.
FREE! Go There Now!
| | | |
Visit IBM developerWorks to download the latest trial version of IBM Data Studio V1.1 at no cost. IBM Data Studio is a comprehensive data management solution that helps you effectively design, develop, deploy and manage your data, databases, and database applications throughout the data management life cycle utilizing a consistent and integrated user interface. Unlike other client-side data management solutions that focus on only one aspect of the application lifecycle or database administration, Data Studio complements the Rational Software Delivery platform, providing unparalleled flexibility for a heterogeneous data server environment across platforms.
FREE! Go There Now!
| | | |
Visit IBM developerWorks to download a free trial of the Rational Host Access Transformation Services (HATS) Toolkit. The HATS toolkit provides a set of plug-ins for the IBM Rational Software Delivery Platform to help you easily extend your legacy applications. HATS makes your 3270 and 5250 applications available as HTML through the most popular Web browsers, while converting your host screens to a Web look and feel and it also enables you to develop new Web, portal, and rich-client applications.
FREE! Go There Now!
| | | |
This tutorial shows new users of IBM WebSphere Business Monitor Version 6.0.2 how to perform the "Hello World" equivalent for monitoring business process applications. It is intended to help you get familiar with the capabilities of the product.
FREE! Go There Now!
| | | |
Analysts, architects, and developers who have existing COBOL or PL/I skills and want to extend those skills to deploy new workloads on the mainframe can use the IBM Enterprise Modernization Sandbox for System z to find hands-on walkthroughs of common real world scenarios. The scenarios provide examples of how to rapidly design, create, assemble, test, and deploy high-quality Web, Web services, portal, and SOA applications for IBM CICS, IBM IMS, and IBM WebSphere Application Server.
FREE! Go There Now!
| | | |
Join this Rational Talks to You teleconference on November 29 at 1:00 pm ET to participate in an interactive discusssion with Grady Booch around architecture and reuse. Get your questions answered!
FREE! Go There Now!
| | | |
Discover how Rational tools and best practices for testing can make your job easier. The new Rational Testing eKits provide you with valuable resources – including demos, webcasts, tutorials, and articles – that help you address your specific testing needs across the software lifecycle. Five new eKits are available covering the topics of Requirements and Test Management, Functional Testing, Performance Testing, Code Quality and Embedded Systems, and SOA and Web Services Testing.
FREE! Go There Now!
| | | |
Whether you are creating new applications or modifying existing ones, managing integration of new components with traditional z/OS elements is a critical part of building and deploying modern applications. Listen to this webcast to see how IBM can help you optimize your development process using an IDE like Rational Developer for System z that integrates with management tools, such as ClearCase to manage your application development on mainframes.
FREE! Go There Now!
| | | |
The unprecedented scope of a service-oriented architecture (SOA) initiative brings to the forefront a number of management and governance issues that were sidestepped in the past. The key to a successful SOA implementation is managing and governing activities throughout the entire SOA delivery lifecycle by ensuring that services conform to the needs of all of the business’s stakeholders. Learn how service lifecycle management allows the business to ensure that the process by which services are defined, created, tested, deployed, optimized and retired is manageable, repeatable and auditable.
FREE! Go There Now!
| | | |
All FREE IBM® developerWorks Tools!
|
|
