Solved

MS Access 2010 security when accessing SQL Server online

Posted on 2014-04-15
6
627 Views
Last Modified: 2014-04-16
I built an Access 2010 front-end application that connects via ODBC linked tables to MS SQL Server which is hosted online. My customer is happy with the database in general but has become concerned with a perceived risk from hackers that might be able to grab/sniff his login credentials to the SQL Server while using this database on public wifi networks, etc.

What are my options for making this database configuration more secure? I have researched this online some, but I'm not coming away with anything that I really understand.

Thank you,
Riverwalk
0
Comment
Question by:RiverWalk
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
  • 2
6 Comments
 
LVL 32

Assisted Solution

by:jadedata
jadedata earned 250 total points
ID: 40003760
My projects are launched from behind client firewalls via VPN or secure (as secure as their IT departments have made them) connections.  My clients can VPN in from airports and cafes all they like.

I suggest that a secure connection be required to start the front end, perhaps by putting up a terminal or application server as I have done on all of my projects in the last 15 years.  Virtualization technology has made this alot easier and cheaper to do.

If the client is so concerned ... what are they doing logging into a suspect connection from a public zone.

Just because you CAN do a thing, does not mean you SHOULD do a thing
0
 
LVL 58

Accepted Solution

by:
Jim Dettman (Microsoft MVP/ EE MVE) earned 250 total points
ID: 40003997
As has been said, most connections are done over a VPN (Virtual Private Network), which is an encrypted form of communications.

But if your not using VPN's, then you'll want to make sure SQL Server is configured to use SSL (Secure Sockets Layer).

This is a form of encryption that occurs over TCP/IP connections and anything that is transmitted is not visible.

This is what is used with web sites when you use a URL starting with https and see the little lock icon in your web browser.

Jim.
0
 

Author Comment

by:RiverWalk
ID: 40004083
jadedata - Thank you for the info. I am a little confused about how VPN works. Are your clients opening an MS Access front-end that resides on their local hard drive or are they connecting to another PC and using Access remotely, on another PC?

Thank you,
Riverwalk
0
PeopleSoft Has Never Been Easier

PeopleSoft Adoption Made Smooth & Simple!

On-The-Job Training Is made Intuitive & Easy With WalkMe's On-Screen Guidance Tool.  Claim Your Free WalkMe Account Now

 
LVL 32

Expert Comment

by:jadedata
ID: 40004100
the MDB/AccDB is located on a virtual server with a copy set aside in a user folder on the Virtual Svr on a MS Application server.  The user can't even see it until they are securely behind the firewall
0
 

Author Comment

by:RiverWalk
ID: 40004102
JDettman - Thank you for your response.  Is there something that I also configure in the ODBC connection to make this work? And so are you telling me that if it is configured to use SSL then all information sent to the online MS SQL Server from within the MS Access database and all that is pulled back to MS Access will not be visible to hackers even when the database is accessed via public networks?

Also, would the database be secure if the users connected to the Internet via their own wireless hot spot device as apposed to a public network? I guess I'm wondering for example if the data being sent back and forth when using the database would be encrypted and secure from hackers if they were to intercept the air-born data.

Thank you,
Riverwalk
0
 
LVL 58
ID: 40004189
<<Is there something that I also configure in the ODBC connection to make this work? >>

  You configure it on the client side or on the server side.  For details on all that, you can refer to this:

How to enable SSL encryption for an instance of SQL Server by using Microsoft Management Console
http://support.microsoft.com/kb/316898

<<so are you telling me that if it is configured to use SSL then all information sent to the online MS SQL Server from within the MS Access database and all that is pulled back to MS Access will not be visible to hackers even when the database is accessed via public networks?>>

 That is correct.  It will all be encrypted.

<<Also, would the database be secure if the users connected to the Internet via their own wireless hot spot device as apposed to a public network? I guess I'm wondering for example if the data being sent back and forth when using the database would be encrypted and secure from hackers if they were to intercept the air-born data.>>

  Yes.

 Same is true with VPN.   A VPN is a defined point to point tunnel over public connections.  

 It's typically used for remote users when they need to reach a specific network (like the one in your office).   All VPN traffic is encrypted, so if your using VPN's, you would not need to use SSL on top of that.  

 Besides the encryption, VPN gives users access to network resources, such as shared drives, printers, etc.   It's as if you walked into the office, plugged your laptop into a network port, and were on the office network.

 SSL doesn't give you that.   It only gives you a secure connection from one point to another, and the points don't have to be predefined.

 For example, I can have an SSL connection with Google, and then a few minutes later have one with Amazon.  But I can't see any of the computers, printers, etc on Amazon's or Google's network.

Jim.
0

Featured Post

Three Reasons Why Backup is Strategic

Backup is strategic to your business because your data is strategic to your business. Without backup, your business will fail. This white paper explains why it is vital for you to design and immediately execute a backup strategy to protect 100 percent of your data.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In earlier versions of Windows (XP and before), you could drag a database to the taskbar, where it would appear as a taskbar icon to open that database.  This article shows how to recreate this functionality in Windows 7 through 10.
In Part II of this series, I will discuss how to identify all open instances of Excel and enumerate the workbooks, spreadsheets, and named ranges within each of those instances.
Show developers how to use a criteria form to limit the data that appears on an Access report. It is a common requirement that users can specify the criteria for a report at runtime. The easiest way to accomplish this is using a criteria form that a…
In Microsoft Access, learn how to use Dlookup and other domain aggregate functions and one method of specifying a string value within a string. Specify the first argument, which is the expression to be returned: Specify the second argument, which …

728 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question