TPU ChatChat on IRC
Internet Relay Chat?
Java Applet client
Who's on IRC?
Posted by Kruptos [send private reply] at April 08, 2003, 11:11:02 PM The Dilemma:
I've written a series of ASP scripts that interface with an MS Access database. These are being stored on a webserver running IIS 5. The scripts and database are in the same directory, but there's no reason that can't be changed if it would somehow solve the problem, which is... How can I modify the permissions on the database to allow write, read and modify privileges to ONLY the scripts trying to access it, and not any users (or viruses) that might try to edit it from elsewhere. Thus far, I've only been able to make it so that EVERYONE (meaning all accounts) with access to the DB can edit it. I know this can be done, because its exactly what Frontpage extensions do with their databasing. They avoid my problem by giving privs to one script (or ASP application) which can only be accessed by other scripts available to the user. The web server is running MS Windows 2000 Server Pro. Any help would be appreciated.
Posted by Mike_L [send private reply] at April 09, 2003, 09:27:19 PM Does the Access DB have to be set up in ODBC in order for the webserver process to connect to it? If there is no network access to the Access DB then you are safe from remote intrusions directly into the DB. If there is a network port, then you can firewall it with Win2K's filtering system (advanced tab on tcp/ip protocol settings). Nothing will protect a DB from a virus that is already in the system.
I question your choice of MS Access. In my opinion, Access is a poor excuse for a database. Even MS SQL Server is a better choice - provided that you keep it patched. With a real database, you can block the network port, or set it up to only accept connections from localhost (127.0.0.1). Also, a real database will allow you to create user accounts and assign specific permissions to different users. Then you may put the username and password in your ASP scripts.
Hope this helps.
Register as a new user