Using Data Access Pages with Workgroup Security



One approach that I recommend to protect your database is denying all but the most important users any direct access to the database. Once you do that, you have to find another way for these users to access the database, and for that task I suggest that you try an Internet technology called data access pages (DAP). This less-than -popular technology works by using ADO and some software objects that are installed with Access 2000 or later. The principal difference between DAP and most Internet technologies you may have dealt with is that it works with software on the client computer rather than on the host to interact with the Access database. DAPs are useful for interactive reporting, interactive cube analysis and charting, and simpler data entry and management.

Note  

If you have never paid much attention to DAP, you should have a look at the samples that come with the Northwind database. In particular, have a look at how the reports work, because they are quite interactive and offer a different style of solution to the conventional Access report.

Earlier in the chapter, in the section "The Developer Workgroup File and Security Revisited," I described how to use the User -Level Security wizard to secure the Northwind database. In that list of instructions, I asked you to copy the HTML ( *.HTM ) files from the Samples directory to the temporary directory in which you are experimenting. You will now need these HTML files, because they are your data access pages. Inside the DAP HTML, you will find the instructions to connect to your database and open the appropriate DAP objects. You may also want to copy the *.BMP files from the sample directory if you want to see images on the Employees DAP. Now I will show you how to convert your DAPs to the workgroup-secured database.

  1. Open the database by using your developer workgroup file and Developer account. The User-Level Security wizard probably left a shortcut on your desktop so that you can open the correct workgroup file.

  2. Find the Pages object type in the Database window and choose a page, such as Employees. Open it, and you will find that your links no longer exist or that the data provider will not work. Fix the link by finding the employees.htm in the directory with your sample database.

  3. To fix the problem that you are having with the data provider, open your DAP in design view. Ignore the "Can't Find" warning that comes up, because you can't do anything about it.

  4. Choose View ˜ Properties and then edit the connection string. The Data Link Properties dialog appears, as shown in Figure 11-11. Alternatively, you can click the Page Connection Properties button at the top of the Field List pane.

    click to expand
    Figure 11-11: Changing the location of the database in the Data Link Properties dialog.

  5. Now connect the DAP page the mischievous way, by saving the user name and its password in the HTML of the DAP page. To complete the roguish connection, type the Developer account and password into the User Name and Password fields and select the Allow Saving Password check box.

  6. Choose the All tab and edit the Jet OLEDB:System Database property. Type in the name and path to the system database, as shown in Figure 11-12.

    click to expand
    Figure 11-12: Changing the System Database property to point to the workgroup file.

  7. Click OK in all the dialog boxes and click Yes to save the password in an unencrypted format.

You should now have a full list of tables and fields in the Field List pane, as shown in Figure 11-13.


Figure 11-13: The Field Pane, showing all tables.

That concludes the discussion on converting the DAP to using a secured database. Well, sort of! What we have now is a DAP that uses workgroup security with a password embedded in an unsecured HTML text file. This working page will provide a good reference point as we move to a better model and will speed your development. For the record, the DAP that we have been working on is a data entry page (as shown in Figure 11-14).

click to expand
Figure 11-14: The Employees DAP, which now works with user-level security.

If we were to poke around in the HTML of the DAP, we would find that the user name and password are stored in plain text in the body of the HTML. This is a security breach that you clearly want to avoid. To fix this matter, open your DAP in design mode and remove the password. Now, when someone opens the DAP, he or she will encounter a password dialog like that shown in Figure 11-15. Once you have tested your page inside Access, you need to test it by using Internet Explorer.


Figure 11-15: When users open a data access page, they will need to enter a user name and password to view it.

Other DAP Protection Issues

Because each DAP is stand-alone, you must be organized when managing your DAPs. To help you set up your DAPs for your users, here are some things to consider:

  • Place the workgroup file in a network folder by using a path that will be the same for everyone.

  • Ensure that your developer account is not in the workgroup file that the DAP uses.

  • Consider setting up a workgroup file with only one group account in it to limit susceptibility to password-cracking software.

  • Access doesn't provide workgroup security for the links stored in the Pages tab of the Database window.

  • Consider using operating system security to place read-only permissions on the HTML files.

  • You cannot develop in different versions of Access for DAP. If you have Access 2002, you will render the DAPs unworkable in Access 2000 if you edit them.

  • Make sure that you are using workgroup files and databases that are created with the same version format; that is, both 2002 or both 2000.

  • When the security wizard runs, it doesn't change the security of your DAP files.

Now I will discuss some of the protection and security issues that relate to Access Data Projects.




Real World Microsoft Access Database Protection and Security
Real World Microsoft Access Database Protection and Security
ISBN: 1590591267
EAN: 2147483647
Year: 2003
Pages: 176

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net