Page 2 of 2 FirstFirst 12
Results 16 to 23 of 23
  1. #16
    isladogs's Avatar
    isladogs is offline MVP / VIP
    Windows 10 Access 2010 32bit
    Join Date
    Jan 2014
    Location
    Somerset, UK
    Posts
    5,954

    You are missing the point I was making. No computer program/application is 100% secure. That certainly includes any browser based applications such as a 'Web interface with ASP'.
    SQL Server is more secure than Access which is more secure than e.g. Excel. However any of these can be hacked by a skilled and determined hacker with sufficient time and motivation.
    Colin, Access MVP, Website, email
    The more I learn, the more I know I don't know. When I don't know, I keep quiet!
    If I don't know that I don't know, I don't know whether to answer

  2. #17
    keviny04 is offline Competent Performer
    Windows 10 Office 365
    Join Date
    Apr 2015
    Posts
    128
    Quote Originally Posted by isladogs View Post
    You are missing the point I was making. No computer program/application is 100% secure. That certainly includes any browser based applications such as a 'Web interface with ASP'.
    SQL Server is more secure than Access which is more secure than e.g. Excel. However any of these can be hacked by a skilled and determined hacker with sufficient time and motivation.
    But some platforms are inherently (way) more secure than others, that's my point. A platform that leaves a client that houses all the developmental components that need extraordinary effort to cover up is always less secure than a platform that doesn't leave anything to the user. You must know this. Your test database is a good exercise, but it only shows how cumbersome a task like this would get. As I said, time is money. If the OP would have to develop everything from scratch to achieve his goal (as all indications seem to be), he might as well develop this on another platform that is inherently more secure.

  3. #18
    Join Date
    Jun 2010
    Location
    Belgium
    Posts
    1,035
    I'm a SQL server DBA for more than 20 years, and I must say that SQL server itself can be secured for 99,99 %. You can set read/write rights not only per table/view but per column and set execute rights on all procedures/functions. If a SQL server database gets hacked it's mostly by human error: insecure passwords or incorrect security settings, or connection strings in the user interface that are not properly encrypted.

  4. #19
    isladogs's Avatar
    isladogs is offline MVP / VIP
    Windows 10 Access 2010 32bit
    Join Date
    Jan 2014
    Location
    Somerset, UK
    Posts
    5,954
    Hi @NoellaG
    Yes I agree that SQL Server can be made very secure and that most of the causes of hacking are due to human error.
    However I do know of at least two vulnerabilities that can be used to view SQL data bypassing security.
    For obvious reasons I won't disclose those in a public forum.
    Colin, Access MVP, Website, email
    The more I learn, the more I know I don't know. When I don't know, I keep quiet!
    If I don't know that I don't know, I don't know whether to answer

  5. #20
    ssanfu is offline Master of Nothing
    Windows 10 Access 2010 32bit
    Join Date
    Sep 2010
    Location
    Anchorage, Alaska, USA
    Posts
    9,664
    @keviny04,
    Thanks for your comments. I see what you are getting at, but I don't know how to create a web interface, haven't used ADO (yet) and I am required to use Access as the FE and SQL Server as the BE (at this point).

  6. #21
    ssanfu is offline Master of Nothing
    Windows 10 Access 2010 32bit
    Join Date
    Sep 2010
    Location
    Anchorage, Alaska, USA
    Posts
    9,664
    Colin,
    Thanks for the links. I added them to my reading list. Looks promising.... once it sinks in.

  7. #22
    ssanfu is offline Master of Nothing
    Windows 10 Access 2010 32bit
    Join Date
    Sep 2010
    Location
    Anchorage, Alaska, USA
    Posts
    9,664
    @NoellaG,
    Sigh..... more reading.

  8. #23
    ssanfu is offline Master of Nothing
    Windows 10 Access 2010 32bit
    Join Date
    Sep 2010
    Location
    Anchorage, Alaska, USA
    Posts
    9,664
    So is DNS-less the way to go?
    Delete all linked tables and move/convert Access queries to SQL queries/SP?

    Would that mean changing from DAO to ADO?
    In the Cloud, SQL would be on its own VM, I would have my VM and each client would have their own VM. Clients would access their VM using RDP. Each client would have their own copy of the FE (an accde).


    Thoughts?

Page 2 of 2 FirstFirst 12
Please reply to this thread with any new information or opinions.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Other Forums: Microsoft Office Forums