For some reasons, I did not want to hardcode the Database location in the application. Instead, when a user logs in, he can choose the database location using a folder browser control, if the location has changed.
Now, I realize that for this, I have to put the database in a shared folder, which makes it quite vulnerable. Having pondered over the problem for sometime, a solution that comes to my mind is to place a Text file in the same shared folder that always contains the correct path of the database. When a user chooses that folder, I will read the actual path of the database from the text file, and move the database to a non-shared folder.
I haven't yet implemented this approach, but felt it better to consult someone before. So, would this approach work, and is it a good idea.
For information purposes, I consider it important to mention that the database is in MS Access. I know this is not a place for discussing it, but this is a general security concern. So, I thought
people would not mind answering it....
Hi,
how aout securing the MDB file using the appropiate NTFS permissions and eventually additional Access password security or using an ldb file ? I don′t know if there can be concurrent users on the database, but coyping the database file to a shared folder will allow other users also to copy the file to another folder and working on it, for you having the trouble to bring the data together afterwards.
HTH, Jens K. Suessmeyer.
http://www.sqlserver2005.de
|||More than the problem of bringing it together afterwards, I am worried about someone manipulating it mischievously. That's why I thought of putting the database in a non-shared folder on the server and a text file in a shared folder, which will always
contain the correct path of the DB on the server.
So, when a user logs in, he will select the path of the text file. As he
will do so with a folder chooser, he will not know that the folder contains a
text file & not the actual DB. Internally, I will read the database path from
that file in my application, & use that path to construct the connection
string...
I think this approach will shield the database from direct access on the network, using an explorer etc.
I already have Access password security, but still I dont want the database to be directly accessible on the network.
Can you elaborate a bit more on securing the Database on the server with NTFS permissions, in a way that my application can still access & manipulate it?|||
One thing, you cannot perform such move/copy with a SQL Server database as that will be in exclusive use of SQLengine.
Refer to KBA http://support.microsoft.com/kb/295234, http://support.microsoft.com/kb/307901 and link http://vb123.com/toolshed/links/map/opr.htm for more information.
|||There are two things I will mention again here...1) My database is in Access
2) And, I am not moving the Database at run-time. The database will remain in its non-shared folder. And there will be a text file, that will act as a sort of pointer to the database location for my application, as I will read the DB path from the text file.|||
I suggest posting this question on a Microsoft Access or Microsoft Visual Basic forum instead of this one. This forum is used for posting questions related to Microsoft SQL Server security features, as you observed, and your question is Access specific.
Thanks
Laurentiu
Hi,
You can do this well with NTFS permission with Read right for everyone in Group so that everyone can read the database files (this will not make user to able to copy files/folder too) , and give write/modify permission to specific users who need to insert/update/delete records in your access database. Refer www.windowsecurity.com/articles/
HTH
Hemantgiri S. Goswami
No comments:
Post a Comment