As I'm fairly new to ASP (but quite experienced with PHP, MySQL, 

JavaScript, DHTML, etc.) I have some basic questions about connecting to a 

MS Access database on an ASP-driven web site:



1) Since I will be developing only a portion of a web site (event 

registration) and will have to hand over my code and MS Access database to 

the "system administrator in charge" I was wondering whether I can simply 

ask him to create a DNS on the web server -- or would it suffice to get 

the relative path to the database to make a DNS-less connection?



(Yes, the sys admin is in charge. And he can make my life a living hell if 

I ask him to do something that he doesn't want to do.)





2) How should I secure my database, so that users can register for events 

(i.e., add, update and delete records) but not mess with my database (by 

deleting tables, messing with other user information, etc.)?



Is there a good primer available on how to distinguish users from 

administrators?





Does anyone have good information for an ASP-newbie (such as I) who needs 

to do some seemingly simple database connections and database updates?





Thanks for any help or hints or links,



Mack Samuel





PS: Anyone know how I could easily let my client access the MS Access 

database on the web server through his MS Excel app on his desktop?

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

From: "Mack Samuel" <mack.samuel@h...>

Subject: [access_asp] MS Access :: basic questions...





: 1) Since I will be developing only a portion of a web site (event

: registration) and will have to hand over my code and MS Access database to

: the "system administrator in charge" I was wondering whether I can simply

: ask him to create a DNS on the web server -- or would it suffice to get

: the relative path to the database to make a DNS-less connection?



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



You mean a DSN? :-)

Personally I wouldn't store a databse in the WWW root because it can be

downloaded if someone can guess the name of the file. Storing the file

outside the WWW root is going to require you to either:

a) have a DSN setup

b) know the physical location on the server

Both of which are going to require some co-operation from your systems

administrator. I'd just ask him for two things:

a) a file share for you to put databases in

b) a file share for you to put webpages in eg:



c:\inetpub\wwwroot\ for your webpages and c:\databases\ for your databases.

You then setup an OLEDB connection string ala:



Application("strDBConnect") = _

    "Provider=Microsoft.Jet.OLEDB.4.0;" & _

    "Data Source=c:\databases\mydatabase.mdb"



in the Application_onStart routine in your global.asa



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

: 2) How should I secure my database, so that users can register for events

: (i.e., add, update and delete records) but not mess with my database (by

: deleting tables, messing with other user information, etc.)?



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



You have webpages for this right? The users should only be able to do what

your webpages say they can do. So if you write an UPDATE SQL string in your

webpage, the only thing the user can do is run this update query.



You could create admin webpages which are password protected for you to run

other queries if you want.



Cheers

ken