About securing a data access page

Microsoft Office Access 2003

A data access page is the combination of a link stored in the Microsoft Access database (.mdb) or Microsoft Access project (.adp) file and a corresponding HTML file located in your computer. To prevent a page's link and its corresponding HTML file from being renamed, deleted, or changed, use the file security of the computer where you have stored these files. For example, on your computer, you can make the Access database or Access project file read-only. On the Web server where the page's corresponding HTML file is located (after you have published the page), make the file and the folder where the HTML file is located read-only. For more information about file and folder security, see Microsoft Windows Help.

ShowHelping protect and control database access from a data access page

Consider the following when you want to help protect access to the Access database or Microsoft SQL Server database that the page is connected to:

  • Help protect the database    As with any application, you need to help prevent unauthorized users from accessing the database, and help control the level of access granted once authorized users log on.

    • For Access databases with user-level security, if you want to enable user-level security through a page, you need to make sure that the connection information for the page specifies the correct workgroup information file and that this file is in a network share accessible to all users. Modify the connection to the page in the Data Link Properties dialog box by clicking the All tab, double-clicking Jet OLEDB:System database, and then specifying the UNC path to the correct workgroup information file in the Property Value box.

      If you set a database password on an Access database that is connected to a page, users will be prompted for the password the first time they view the page.

    • For an SQL Server database, if you want to use Microsoft Windows integrated security to connect from a page, modify the connection to the page in the Data Link Properties dialog box by clicking Connection, and then clicking Use Windows Integrated security.
  • Don't save the user name and password with the page    If the user name and password to the database are saved with the page, any user can log on to the database. If you want the page to prompt the user to log on to the database, modify the connection to the page in the Data Link Properties dialog box by clicking the Connection tab, and then clearing the Allow saving of password check box.

  • Return records based on a user name    You might want to create a page that doesn't require entering a user name and password, but can automatically detect who the user is and display records based on that user. For example, you could create a page that allows users to change their personnel file. The general steps for doing this are:

    • Create a page in an Access project connected to an SQL Server database that employs Windows integrated security technology.
    • Add a column to the employee table that has each employee's Windows log on user name.
    • Create a view that uses the suser_sname() function to detect the user currently logged on, and make that view the page's record source. For more information about the suser_sname() function, see Microsoft SQL Server Help.

ShowPreventing unauthorized access by a malicious script

A data access page uses the Microsoft Office Data Source Control (MSODSC) to connect to its data source. When a user opens a page, the MSODSC on the page may use the user name of that user to log on to the database. A malicious page author could try to exploit this and attempt to access databases on servers that are accessible to the user but not to the page author. The mode of data access used by the MSODSC determines whether a page meets industry-standard security levels, or if cross-domain data access is possible from the page. You can configure the MSODSC to use two modes of data access: two-tier or three-tier data access.

Two-tier data access is a direct connection to a data source in a traditional client/server fashion— the client (first tier) makes a direct connection to the database server (second tier). To perform two-tier data access, the MSODSC makes a direct connection to its data source through an OLE DB provider that is registered on the user's computer. For an Access database, two-tier data access uses the local computer's Microsoft Jet 4.0 OLE DB provider to connect to an .mdb file located on a network share. For an SQL Server database, two-tier data access uses the local computer's Microsoft OLE DB provider for SQL Server to connect to a database server available on your local network.

Three-tier data access refers to using a third, remote, component between the client and database components. Three-tier data access is typically used to access data across the Internet. For three-tier data access that uses the MSODSC, this third component is the ActiveX Data Objects (ADO) Remote Data Service (RDS) component (also called Data Factory) running on Microsoft Internet Information Services (IIS).

Any page that uses two-tier data access is considered by Microsoft Internet Explorer to be making a cross-domain access attempt. Depending on the security settings in Internet Explorer, when a user opens a page by using two-tier data access, one of three things occurs: the page is automatically disabled, the user is asked whether to allow data access, or the page is automatically enabled. Depending on future security patches and upgrades, these options may be different for your system. You should check the Web or ask your system administrator for additional information about new security patches or upgrades.

Internet Explorer security settings also define different security zones. If a page is on a Web server in a trusted zone, the cross-domain attempt can be enabled automatically. In a controlled environment, such as a corporate intranet, your pages will perform better if you use two-tier data access and make sure that they are published from a server located in a trusted security zone. This is the simplest way to help protect against unauthorized access from malicious scripts. For more information about security settings, see Microsoft Internet Explorer Help.

A page that uses three-tier data access to connect to a database is considered to meet industry-standard security levels regardless of what Internet Explorer security zone it is published from. This means that Internet Explorer will not warn the user about cross-domain data access attempts when three-tier pages are opened if authentication settings have been left to their default configuration.