This topic provides reference information about:
Protecting a data access page shortcut and its corresponding HTML file
Protecting and controlling database access from a data access page
Preventing unauthorized access from a malicious script
A data access page is the combination of a shortcut stored in the Microsoft Access database (.mdb) or Microsoft Access project (.adp) file and a corresponding Hypertext Markup Language (HTML) file located in your computer's file system. To protect a page's shortcut and its corresponding HTML file from being renamed, deleted, or changed, use the file system's security of the computer where you have stored these files. For example, on your computer, you can make the Access database or Access project file that contains the page's shortcut read-only. Or on the Web server where the page's corresponding HTML file is located (after you have published the page), make the file and the folder where the HTML file is located read-only. For more information about file and folder security, see Microsoft Windows Help.
Return to top
Consider the following when you want to ensure secure access to the Access database or Microsoft SQL Server database that the page is connected to:
Protect the database You can connect a page to either an Access database or SQL Server database. You should provide adequate security to either database as a foundation for protecting access to the database through a page. As with any application, you need to prevent unauthorized users from accessing the database, and control the level of access once a user has logged in.
If you have set a database password on an Access database that is connected to a page, you will be prompted for the password the first time you view the page.
Don't save the user name and password with the page If the username and password to the database are saved with the page, any user can log in to the database. If you want the page to prompt the user to log in to the database, modify the connection to the page in the Data Link Properties dialog box by clicking the Connection tab, and then clearing the Allow saving of password check box.
Return records based on a user name You might want to create a page that doesn't require entering a username and password through a page but can automatically detect who the user is, and display records based on that user. For example, you could create a page that allows users to change their personnel file. The general steps for doing this are:
For a detailed example of this, see the Microsoft Office 2000/Visual Basic Programmer's Guide.
Return to top
A page uses the Microsoft Office Data Source Control (MSODSC) to connect to its data source. When a user opens a page, the MSODSC on the page may use the user name of the user to log on to the database. A malicious page author could exploit this by using Microsoft Visual Basic, Scripting Edition or JScript running against the MSODSC to attempt access to databases on servers accessible to the user, but not the page author. The mode of data access used by the MSODSC determines whether a page is considered inherently safe, or if cross-domain data access is possible from the page. You can configure the MSODSC to use two modes of data access: two-tier or three-tier data access.
Two-tier data access is a direct connection to a data source in a traditional client/server fashion — the client (first tier) makes a direct connection to the database server (second tier). To perform two-tier data access, the MSODSC makes a direct connection to its data source through an OLE DB provider that is registered on the user’s computer. For an Access database, two-tier data access uses the local computer’s Microsoft Jet 4.0 OLE DB provider to connect to an .mdb file located on a network share. For an SQL Server database, two-tier data access uses the local computer’s Microsoft OLE DB provider for SQL Server to connect to a database server available on your local network.
Three-tier data access refers to using a third, remote component between the client and database components. Three-tier data access is typically used to access data across the Internet. For three-tier data access that uses the MSODSC, this third component is the ActiveX Data Objects (ADO) Remote Data Service (RDS) component (also called Data Factory) running on Microsoft Internet Information Server (IIS).
Any page that uses two-tier data access is considered by Microsoft Internet Explorer to be making a cross-domain access attempt. Depending on the security settings in Internet Explorer, when a user opens a page by using two-tier data access, one of three things occurs: the page is automatically disabled, the user is asked whether to allow data access, or the page is automatically enabled.
Internet Explorer security settings also define different security zones. If a page is on a Web server in a trusted zone, the cross-domain attempt can be enabled automatically. In a controlled environment, such as a corporate intranet, your pages will perform better if you use two-tier data access, and make sure that they are published from a server located in a trusted security zone. This is the simplest way to provide security against unauthorized access from malicious scripts. For more information about security settings, see Internet Explorer Help.
A page that uses three-tier data access to connect to a database is considered to be inherently safe regardless of what Internet Explorer security zone it is published from, and will not warn the user about cross-domain data access attempts when it is opened if authentication settings have been left to their default configuration.
For information about implementing two-tier or three-tier access, see the Microsoft Office 2000/Visual Basic Programmer's Guide.
Return to top