I currently run a number of Access databases as a front end that connect to databases on the company SQL server. The connection method I use is windows authentication. All front end databases I distribute are compiled accde files. The IT department who are responsible for the servers have highlighted a potential security risk. If the connection to the server goes down, when the database is opened then Access throws a dialog box explaining it cannot connect to the server and gives out the server name. Armed with the server name the IT department showed how using a third party app called heidi SQL, a user could connect to the server using their windows authentication, obtain all the database names, see all the tables and do what they want with them. The IT department have suggested setting up a SQL server user and then changing from windows authentication to SQL server authentication for all my databases/objects. I am no expert on SQL Server or it's security, but I originally went down the windows authentication route having read many articles some years ago that suggested this was the most safe route.
Some questions I have:
Some questions I have:
- Would changing from windows authentication to SQL server authentication be the best way forward?
- Is there any way to suppress MS Access displaying the server name upon opening if the network is down? (I figure if they do not have the SQL server name then it becomes a lot harder to use third part SQL editors)
- Is there any way to remove visibility of databases and/or table names if someone connects to the SQL server using apps like Heidi SQL? (I figure if they can't see database and table names it is a lot harder for them to do damage)