Why experts have no faith in MS Access?

S

shaileshak

Registered User.
Local time
Today, 23:25
Joined
Jun 27, 2002
Messages
12
Hi All,
I have developed a database in MS Access (version 97) which is working perfectly fine. When it came to the 'acceptance panel' they were concerned about the security issues just because it is “MS Access”. I totally agree with it as that is what I heard others saying about MS Access.

The powerful features and simplicity of MS Access amazed me when I studied it for creating the above database. Hence I am sure that Access definitely would have excellent security features.

How safe is to put MS Access database online using ASP with ‘user sessions’? What are the security measures that I should consider just because it is MS Access? Is it very easy to hack MS access database sites? Can any one support MS Access and me?

Many thanks

shaileshak
 
MS Access is a great database but you have to keep in mind what the developers were trying to develop. And that was a simple desktop database. Access wasn't designed to have a lot of users accessing it at the same time. Therefore it didn't need as robust security that you find in dbs like SQL Server and Oracle. Whether Access will work for your project depends on what you need it to do. Now another option is to use Access as a front end and SQL Server as the backend. Then you get all the power of a bigger database and the user interface is just as easy to develop. If you're going to setup the user interface for web use you might want to consider SQL Server as the back end and ASP as the front end.

Once again, MS Access is great but it has its purposes. As an analogy access is like a car and SQL Server is like a plane. Both are used for transportation but a plane can carry more and travel faster. But at the same time planes don't make cars obsolete.
 
Thanks Rob. :)
I clearly understand what you mean. I still hope a car would be cost effective for my project and I have to drive very carefully as I am about to enter a very busy and dangerous highway.

Regards,
shaileshak
 
The problems with Access are that it becomes very hard to do fancy security with it. Such as restricting users by records rather than whole tables. Or restricting users by columns rather than whole tables. Access uses a light-weight security model. Oh, it has most of the basics. But NONE of the frills.

The other problem is that Access imposes a major security penalty at the network level if it is to be shared. You see, you have to put it in a directory where ALL of your users have

- Read
- Write
- Modify
- Scan
- Create
- Delete

The Create/Delete/Modify comes about because of file locking using the .LDB file. If you are first user of the day into the database, your session will create the .LDB file, then will have to modify that file depending on what you open. If you are the last user of the day to close the database, your session will have to delete the .LDB file.

Unfortunately, some network admins don't like giving out that set of rights too often. In particular, Create and Delete on a shared area can make the best administrators at least nervous if not downright paranoid.
 
You wrote
<<
How safe is to put MS Access database online using ASP with ‘user sessions’? What are the security measures that I should consider just because it is MS Access?
>>

If you are using an Access data base from an ASP page then normal Access security features don't matter.

The Access MDB should not be placed on a Web server but rather connected via ADO.

That means your Web users can not "hack" into the database.

IMO, your local acceptence panel needs some technology training.

RichM
 
RichM Wrote: "The Access MDB should not be placed on a Web server but rather connected via ADO."

How can I access a .mdb file with out placing it on a web server? The ASP code that I use to connect to my database hosted in a Web server is given below. Is that what you meant by ADO connection? If so would it be secure? I think one can browse the folders and can download the database directly!!

Dim cn, strcn, dbfile
Set cn=Server.CreateObject("ADODB.Connection")
dbfile=Server.MapPath("../database/test.mdb")
strcn = "driver={Microsoft Access Driver (*.mdb)};dbq="&dbfile
cn.Open strcn

(I have done no write operation (insert/update) to the Access database from web interface.)

Thanks to all of you

shaileshak
 
Yes, that's ADO.

The path to the back end database can point to a different server than the one that hosts the ASP page. There are some "bug" entries in the Microsoft knowledge base about connecting to databases on remote servers using Novell networks. In general it works.

A user who comes to your web site via a browser generally does not have the ability to "browse" directories on the web server nor can they download a database **** unless the web site directory exposes the folder that contains the database.

This is the way it is using IIS (internet information server) from Microsoft.

RichM
 
You must log in or register to reply here.

Similar threads

S
MS Access 2021 LTSC Compatibility issue
Replies
6
Views
329
spaLOGICng
S
S
Should I Learn MS Access in the AI Era?
2 3
Replies
50
Views
5,146
SachAccess
S
I
ODBC-MS Access Connection Call Failed Error 3146
Replies
14
Views
872
Irwan
I
N
MS Access VBA Vs JAVA
Replies
2
Views
771
CJ_London
C
murray83
AccessTris: A Tetris Clone in MS Access
Replies
8
Views
1,301
murray83
murray83

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Top Bottom