Write-only Access to Database on Network Drive?

**pod** · Dec 15 '11, 01:20 PM

This is what I do, my website is on an IIS webserver on one of my dev computers.
If you are using the same, ...

try settings the security of the network folder where the database resides to allow only a few authorized users (yourself and network administrators perhaps)

then set your webserver's website "Directory Security" tab, "Anonymous access and authentication control" properties to use one of these authorized accounts to access the data.

It might not be the best method or the only one but it works for me.

P:oD

**NeoPa** · Dec 15 '11, 03:34 PM

I don't believe Access will work with anything less than full access permissions available (At the file level at least). It may be that one could get around this in the way suggested by POD using IIS security, but I know little of that. If not, then I would at least ensure the project is coded to allow only reading of the data.

**Rabbit** · Dec 15 '11, 04:58 PM

You can't prevent them from opening or reading data. But you can encrypt the data you insert into the database. Just make sure to use an mde version of the database so they can't get the key from the code. At least not easily anyways.

**postman** · Dec 15 '11, 06:24 PM

Rabbit, could you expand on that, please? Do you mean simply encrypting the Access database file with a password?

If so, how do you allow the ActiveX ADO object in the local web application to access the database without supplying the password in the connection string (which is easily viewable)?

**Rabbit** · Dec 15 '11, 06:42 PM

I don't mean the built in encryption. I mean implementing your own encryption in code and inserting all data by first running it through that function.

**postman** · Dec 15 '11, 07:06 PM

I see.
The function for encrypting the data would be in the javascript code in the web application, right? There's no way to have VBA Functions in the database file run unless the file is open, is there?

In your comment below you said to use an MDE (or ACCDE for 2007+) version of the database so the user couldn't get the key. But if the encryption function is in the front-end application, wouldn't a user be able to view the source and determine the key that way?

Never done encryption before, so any suggestions on that would be much appreciated.

**Rabbit** · Dec 15 '11, 07:43 PM

No, not in the front-end, because as you say, they can just see the encryption key in the code. It would have to open the database so it can run it through the compiled VBA in the database so the encryption key is at least in an unreadable format.

**postman** · Dec 15 '11, 09:16 PM

Rabbit, you have been immensely helpful and I don't want to take much more of your time, but could you point me in the right direction of how to open the database to execute the compiled code using javascript?

This is an example of the Javascript code in the front-end I'm using to insert the data into the database now:

Code:

function AddToDB() {
objConn = new ActiveXObject("ADODB.Connection");
conn_String = "Provider=Microsoft.ACE.OLEDB.12.0; Data Source=" + dbPath;
sqlStr = "INSERT INTO TableName VALUES (" + var1 + ")";
objConn.Open(conn_String);
objConn.Execute(sqlStr);
objConn.Close();
}

Thanks in advance.

**Rabbit** · Dec 20 '11, 07:52 PM

You would create an Access Object and from there you have can do pretty much anything that you can do when you open Access manually.
So instead of new ActiveXObject(" ADODB.Connectio n"), use new ActiveXObject(" Access.Applicat ion").

**postman** · Dec 20 '11, 09:15 PM

Thank you, Rabbit! I will try that.

Write-only Access to Database on Network Drive?

Write-only Access to Database on Network Drive?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment