Web forms and MS Access

[MeeksNikiyaM]

We currently have an Access database already set up and we want to use forms on the web to feed into it. The forms ask for basic information about our clients but contain critical information. The problem with putting our Access database on the web server is that it is not secure enough and is open to hackers. Our IT department suggested having the information entered from the forms on the web emailed to our department. The problem is that it would require more data entry on our part and that is the problem that we are trying to solve. My question is does anyone have any code that will take a web form and email the information to someone? Also how can we get this information put into the Access database without someone typing in all the information again?

Thanks again,

Nikki

 

[mission2java_78]

You're asking for a lot here...and what you're asking for is going to be a headache for the person re-entering this data. Have you looked at other options? Why is it potential for hackers to hack your access database? Just use ASP or PHP and connect to your database with privelaged users. You should have a table with all potential client users...

You could however do what you have said easily to get the forms data in an e-mail...that's the simple part of a scripting language like PHP. However parsing this data back into access is not going to be fun.

I suggest you look a little more at this rather than sending the form data to an e-mail and having Joe Blow re-enter this same data....it almost to me sounds like a phone call to Joe Blow would be better than this.

Jon

 

[MeeksNikiyaM]

So far there has not been anyone ever to hack on to our webserver ( so claims the IT people). We weren't really worried about anyone hacking into the database, the IT department just told us that we could not put our database on the web server if it had this critical information in it. The only other option they gave us was to purchase SQL server (which is way over our budget and we have no one with the expertise to use it).

 

[mission2java_78]

Ya..I personnally believe IT teams exagerrate...and most of the time the dorks don't know much about Networking / Programming...so we always wonder why they are there .

I'd slow down a bit before purchasing SQL Server...its pricey and does need a lot of support as well as setting up a database server. Unless you have some good folks who know how to setup a db server and know some stuff on SQL I'd shy away from buying it right now.

Besides that would mean you'd have to get your web client to work with it. I personnally think your IT dept. is worrying way too much. You can build security into the web application based on user names and passwords. This can be a seperate db if you'd like.

 

[MeeksNikiyaM]

That seems like it could work, but how do I password protect just the backend of the database without having forms to go through in Access.

 

[mission2java_78]

Your back end sits on your server and no data is sent to it cause your web form is using unbound controls. You only submit data based on a trigger or event like a submit button on a web page. I dont see how this is going to leak any information from your database.

How about using PHP forms and submitting the results to the database only on the submit of a button...your end users do not see the back end table...since the only thing that passes to it is the data once a submit button is pressed, as well as the db sitting on your web server. They cannot directly via the web get into your database..your database is only accessible via the web client. So end users dont even know what type of db back end you're using..they just see the PHP forms. Also..as I stated previously...to avoid anyone going right into the PHP form and sending crap data to your backend..you simply need to create a table of users who are allowed to use the system as well as their passwords. If users cannot log in they click a link on your php form which sends you an email with their name and the problem they are experiencing. When you get the e-mail you can decide if this person is a potential user or not. If they are you simply add the user in and re-send an e-mail with their user name and password. All of this can be built right into the tool.

Jon