access_asp thread: ASP and Access 97 Security
Message #1 by "Laphan" <laphan@u...> on Mon, 3 Sep 2001 20:50:13 +0100
Hi All
I create ASP DSN-less connections to Access dbs, which work fine but I would
like to make them that little bit more secure.
At present, my databases have 1 user called Admin (the default user ID I
believe) and then the password that I give them (ie, fred).
What I want to do is take 'Admin' out of the equation so that a potential
hacker would need to know the password AND the new user id to gain access to
the db.
Can this be done and if so could somebody please advise me on how to do
this?
Many thanks.
Regards
Laphan
Message #2 by "Jim Losi" <jlosi1@t...> on Mon, 3 Sep 2001 16:09:07 -0400
You can use something like this to test for EOF in that table that holds the
admin name and password:

RS.Open "SELECT Name, Pass FROM tblAdmin " & _
    "WHERE Name = '" & Request("Name") & "' AND " & _
    "Pass='" & Request("Pass") & "'", MyConn
' No matching row means the name/password pair was not found
If RS.EOF Then
    Response.Redirect "login.asp"
Else
    Response.Redirect "admincontrol.asp"
End If
RS.Close

I would put this in a different file (mine's called verify.asp) and include
your ADODB connection in it.
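The check in Message #2 builds its SQL by concatenating Request("Name") and Request("Pass") into the statement text, so a quote character in either field changes the query itself. The same verify.asp test with an ADODB.Command and bound parameters follows as an added example, not code from the thread; the database path, the POST form and the 50-character field limit are assumptions.

```vbscript
<%
Option Explicit
' Added example (not code from the thread): verify.asp with bound parameters.
' ADO constants, values as defined in adovbs.inc
Const adVarChar = 200
Const adParamInput = 1
Const adCmdText = 1
' Placeholder path, not from the thread
Const DB_PATH = "C:\data\example.mdb"

Dim MyConn, Cmd, RS, userName, userPass, isValid
isValid = False

' Assumption: login.asp submits the form with method="post"
userName = Request.Form("Name")
userPass = Request.Form("Pass")

' Only query when both fields are present and fit the declared parameter size
If Len(userName) > 0 And Len(userName) <= 50 And _
   Len(userPass) > 0 And Len(userPass) <= 50 Then

    Set MyConn = Server.CreateObject("ADODB.Connection")
    MyConn.Open "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=" & DB_PATH

    Set Cmd = Server.CreateObject("ADODB.Command")
    Set Cmd.ActiveConnection = MyConn
    Cmd.CommandType = adCmdText
    ' The ? markers are filled from the Parameters collection in order;
    ' the values travel as data and are never parsed as SQL text
    Cmd.CommandText = "SELECT [Name] FROM tblAdmin WHERE [Name] = ? AND [Pass] = ?"
    Cmd.Parameters.Append Cmd.CreateParameter("pName", adVarChar, adParamInput, 50, userName)
    Cmd.Parameters.Append Cmd.CreateParameter("pPass", adVarChar, adParamInput, 50, userPass)

    Set RS = Cmd.Execute
    isValid = Not RS.EOF   ' a row exists only for a matching name/password pair

    RS.Close
    MyConn.Close
    Set RS = Nothing
    Set Cmd = Nothing
    Set MyConn = Nothing
End If

' Redirect only after the recordset and connection are closed
If isValid Then
    Response.Redirect "admincontrol.asp"
Else
    Response.Redirect "login.asp"
End If
%>
```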
Message #3 by "Laphan" <laphan@u...> on Fri, 7 Sep 2001 15:41:50 +0100
Thanks for the reply Jim, but I don't think my original email explained the
problem too well.
I use basically the same method for gaining access to the db via the web,
but I want to get rid of Admin's access rights for the following reasons:
a) If somebody gets the DSN then they only need to crack the password
to get into the db to perform their own queries. However, if my Admin was
defunct and the only 'person' that could access the db was, say, 'Bob', then
they would have to crack the userid AND password to get in.
b) If they somehow get to the FTP directory of the db and download it, they
only need to crack the password to get in.
Yes, I can create a 'Bob' user, but I don't know how to make 'Admin' a
redundant entity.
Please help.
Many thanks.
Regards
Laphan