Solved

MS Access 2010 security when accessing SQL Server online

Posted on 2014-04-15
6
610 Views
Last Modified: 2014-04-16
I built an Access 2010 front-end application that connects via ODBC linked tables to MS SQL Server which is hosted online. My customer is happy with the database in general but has become concerned with a perceived risk from hackers that might be able to grab/sniff his login credentials to the SQL Server while using this database on public wifi networks, etc.

What are my options for making this database configuration more secure? I have researched this online some, but I'm not coming away with anything that I really understand.

Thank you,
Riverwalk
0
Comment
Question by:RiverWalk
  • 2
  • 2
  • 2
6 Comments
 
LVL 32

Assisted Solution

by:jadedata
jadedata earned 250 total points
ID: 40003760
My projects are launched from behind client firewalls via VPN or secure (as secure as their IT departments have made them) connections.  My clients can VPN in from airports and cafes all they like.

I suggest that a secure connection be required to start the front end, perhaps by putting up a terminal or application server as I have done on all of my projects in the last 15 years.  Virtualization technology has made this alot easier and cheaper to do.

If the client is so concerned ... what are they doing logging into a suspect connection from a public zone.

Just because you CAN do a thing, does not mean you SHOULD do a thing
0
 
LVL 57

Accepted Solution

by:
Jim Dettman (Microsoft MVP/ EE MVE) earned 250 total points
ID: 40003997
As has been said, most connections are done over a VPN (Virtual Private Network), which is an encrypted form of communications.

But if your not using VPN's, then you'll want to make sure SQL Server is configured to use SSL (Secure Sockets Layer).

This is a form of encryption that occurs over TCP/IP connections and anything that is transmitted is not visible.

This is what is used with web sites when you use a URL starting with https and see the little lock icon in your web browser.

Jim.
0
 

Author Comment

by:RiverWalk
ID: 40004083
jadedata - Thank you for the info. I am a little confused about how VPN works. Are your clients opening an MS Access front-end that resides on their local hard drive or are they connecting to another PC and using Access remotely, on another PC?

Thank you,
Riverwalk
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 32

Expert Comment

by:jadedata
ID: 40004100
the MDB/AccDB is located on a virtual server with a copy set aside in a user folder on the Virtual Svr on a MS Application server.  The user can't even see it until they are securely behind the firewall
0
 

Author Comment

by:RiverWalk
ID: 40004102
JDettman - Thank you for your response.  Is there something that I also configure in the ODBC connection to make this work? And so are you telling me that if it is configured to use SSL then all information sent to the online MS SQL Server from within the MS Access database and all that is pulled back to MS Access will not be visible to hackers even when the database is accessed via public networks?

Also, would the database be secure if the users connected to the Internet via their own wireless hot spot device as apposed to a public network? I guess I'm wondering for example if the data being sent back and forth when using the database would be encrypted and secure from hackers if they were to intercept the air-born data.

Thank you,
Riverwalk
0
 
LVL 57
ID: 40004189
<<Is there something that I also configure in the ODBC connection to make this work? >>

  You configure it on the client side or on the server side.  For details on all that, you can refer to this:

How to enable SSL encryption for an instance of SQL Server by using Microsoft Management Console
http://support.microsoft.com/kb/316898

<<so are you telling me that if it is configured to use SSL then all information sent to the online MS SQL Server from within the MS Access database and all that is pulled back to MS Access will not be visible to hackers even when the database is accessed via public networks?>>

 That is correct.  It will all be encrypted.

<<Also, would the database be secure if the users connected to the Internet via their own wireless hot spot device as apposed to a public network? I guess I'm wondering for example if the data being sent back and forth when using the database would be encrypted and secure from hackers if they were to intercept the air-born data.>>

  Yes.

 Same is true with VPN.   A VPN is a defined point to point tunnel over public connections.  

 It's typically used for remote users when they need to reach a specific network (like the one in your office).   All VPN traffic is encrypted, so if your using VPN's, you would not need to use SSL on top of that.  

 Besides the encryption, VPN gives users access to network resources, such as shared drives, printers, etc.   It's as if you walked into the office, plugged your laptop into a network port, and were on the office network.

 SSL doesn't give you that.   It only gives you a secure connection from one point to another, and the points don't have to be predefined.

 For example, I can have an SSL connection with Google, and then a few minutes later have one with Amazon.  But I can't see any of the computers, printers, etc on Amazon's or Google's network.

Jim.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is a continuation or rather an extension from Cascading Combos (http://www.experts-exchange.com/A_5949.html) and builds on examples developed in detail there. It should be understandable alone, but I recommend reading the previous artic…
It’s the first day of March, the weather is starting to warm up and the excitement of the upcoming St. Patrick’s Day holiday can be felt throughout the world.
Familiarize people with the process of utilizing SQL Server functions from within Microsoft Access. Microsoft Access is a very powerful client/server development tool. One of the SQL Server objects that you can interact with from within Microsoft Ac…
What’s inside an Access Desktop Database. Will look at the basic interface, Navigation Pane (Database Container), Tables, Queries, Forms, Report, Macro’s, and VBA code.

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question