Securing an Access Database
Posted on 2003-02-25
I have an Access database on a webserver and am using ADO to access it from an ASP app. There are two ways I know of to secure this database. One is to set a database password, and the other is to limit database access by restricting it with a username and account password. Here are the problems I am having:
Username and account password route:
This is what im currently using. It works fine, but if the database is downloaded or somehow separated from the MDW file, it just gives anyone access. I have imported the data into my MDW so they cant be separated, but then if the MDW is simply renamed to something else the auth once again doesnt trigger and anyone has instant access.
Set Database password:
I have a feeling this is the proper route, but unfortunately, my code no longer works if I implement this.
strConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;"
strconnectionstring = strconnectionstring & "Data Source= " & server.mappath(DATABASE) & ";"
strconnectionstring = strconnectionstring & "Database Password=myPass;"
strconnectionstring = strconnectionstring & "Jet OLEDB:System database=" & server.mappath("../SYSTEM.MDW")
Set cnn = Server.CreateObject("ADODB.Connection")
cnn.Open strConnectionString, "Admin", "myPass"
Set Clients = Server.CreateObject("ADODB.Recordset")
strSQL = "SELECT * FROM Clients" & SQLsort
Clients.Open strSQL, cnn
I get an ISAM error.
Microsoft JET Database Engine (0x80004005)
Could not find installable ISAM.
/secure/clients.asp, line 231
I've checked everything and my ISAM drivers are up to date. The registry paths are also correct. I find it odd that i only get this error when I add the "Database Password= " line.
Credit will be given for this question if you can solve either one of these problems, or come up with a third solution that secures the database successfully.