Permissions on Web Host for SQL

TrinitySolutions
TrinitySolutions used Ask the Experts™
on
I currently have a SQL database hosted on a godaddy site.  I have allowed Access 2007 direct access (linked) to the tables while I work on ASP pages for them.

How should security be handled and set up for this and where it is done at?
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Since godaddy only permits one SQL login per database, it is difficult to manage security properly.  The login you are granted has full access to the database.

Author

Commented:
Hmm.   I might can work with that.  Is there anything else to do to make sure this info is secure?
make your password secure and ensure your MDB is secure.  why are you using an MDB to interface your database anyway?
11/26 Forrester Webinar: Savings for Enterprise

How can your organization benefit from savings just by replacing your legacy backup solutions with Acronis' #CyberProtection? Join Forrester's Joe Branca and Ryan Davis from Acronis live as they explain how you can too.

Author

Commented:
It's going to take me a little bit to write the ASP pages for the client, and in the mean time, they need to have their information accessible from the web.  They are comfortable with Access, as that is what they were using at the desktop level.  

my database (SQL 5) is in the app_data directory.  Is there anytihng else to make it secure?
what do you mean SQL 5?  As in MS SQL Server 5?  not 2005????

Author

Commented:
Sorry, missed a keystroke or two.  Yes, SQL Server 2005.
so you have an sdf file and you are going to use access to connect directly to it?

Author

Commented:
Yes.   It's only about 4 Mg.  I've got it loaded, and created linked tables with Access.  My plan is to forward the database with linked tables and reports, etc. to the couple of users who will be needing it so they can continue while I write the ASP pages.

So, given that, any ideas on security?
Well the problem you will have is that unless you have an SSL connection established to the web server, the credentials will be sent across the wire in the clear.  The only way to truly secure a web based database is to have it's access isolated and accessible only from the web server.

Author

Commented:
That's possible.  How would I set up a SSL connection that would be in effect when connecting to the database?
Well if you are on a shared host, you don't have access to the SQL/web Server to do it.  You have to get a cert from godaddy I believe.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial