microsoft.com Home | |||
http://www.microsoft.com/office/ork |
Using Security Features in AccessSecurity Issues for Data Access PagesA data access page is the combination of a shortcut stored in the Microsoft Access database (MDB file) or Microsoft Access project (ADP file) and a corresponding HTML file located in your computer’s file system. Data access pages present security concerns in three areas:
Security for data access page linksAccess doesn’t provide user-level security for the links to data access pages stored in the Pages object list in the Database window. When an Access database or Access project is opened with write access to the file, users can add, delete, or rename the links stored in the Pages object list in the Database window. For this reason, the only way to prevent users from making changes to data access page links is to make the MDB or ADP file read-only. You can do this by using file-system access control (such as setting the read-only attribute) or by putting the file on a read-only network share. Security for data access page filesData access pages are HTML pages that contain <OBJECT> tag references to the Microsoft Office Data Source control and other Microsoft Office Web Components, as well as Extensible Markup Language (XML) and script. Data access pages are stored as files with the file name extension .htm either in the local file system, in a folder on a network share, or on an HTTP server. For this reason, Access has no control over the security of data access page files. To secure a data access page file that is stored on a local or network file system, you must use the file access security available for your operating system. To secure data access page files that are stored on an HTTP server, you must use the security features available on the server itself. For example, if you are using Microsoft Internet Information Server (IIS), you can use the Internet Service Manager or FrontPage Server Administrator to control security settings for files stored on the server. Controlling database access from data access pagesThere are three primary concerns regarding securing access to a database from a data access page:
For Access databases, there is the additional concern of controlling access to the Microsoft Access database (MDB file) through the file system. Preventing unauthorized access to the databaseYou need to prevent unauthorized users from gaining access to the database, and you need to control the level of access after a user has logged on. If the database is protected with user-level security and you want to enable user-level security through a page, make sure that the connection information for a page specifies the correct workgroup information file and that this file is in a public network share accessible to all users. To specify the workgroup information file to use
You can also author a data access page against an Access database that is secured with a database password. However, a database password provides control only over who can open the database and requires that all users know a single password to open the database. By default, a database password isn’t saved with a data access page, so users are prompted to enter the database password when opening the page. (Similarly, if a database password is set for the database after you author the page, users of your page are prompted to enter the password before they can use the page.) If you don’t want to prompt users for the database password, you can embed the password in the page; however, the password is saved in an unencrypted format in the HTML code of the page itself, which makes the password easy to be discovered. To save the database password with a data access page
Controlling the level of access to the databaseTo control the level of access after an Access database is opened from a data access page, you can use one of the following methods after establishing user-level security for the database:
Important Depending on the data access method that you choose for the data access page, where the database is located on the network relative to the IIS server used to publish the page, and how authentication is defined on the IIS server, you might not be able to control the level of access for individual users. That is, you might be able to control access based only on a single account used for all users who open the page. Preventing unauthorized access from malicious scriptsA data access page uses the Microsoft Office Data Source control (MSODSC) to connect to its data source. When a data access page is open in Microsoft Internet Explorer or in an HTML-capable mail reader that uses Internet Explorer browsing components, such as Microsoft Outlook 98 or Outlook 2000, the MSODSC on the page is using the identity of the user to log on to the database. A malicious user could exploit this fact to use script running against the MSODSC to gain access to databases on servers other than the one from which the page was downloaded. Attempts to use the MSODSC to access databases on servers other than the one the page originated from are referred to as cross-domain data access. The mode of data access used by the MSODSC determines whether a data access page is considered inherently safe, or if cross-domain data access is possible from the page. The MSODSC can be configured to use one of two modes of data access: two-tier data access or three-tier data access. In a two-tier data access mode, the client (first tier) makes a direct connection to the database server (second tier). Any page that uses two-tier data access is considered by Internet Explorer to be making a cross-domain access attempt. Depending on the security settings in Internet Explorer, when a user opens a page by using two-tier data access, one of three things occurs:
Internet Explorer security settings also define different security zones. If a page is on a Web server in a trusted zone, the cross-domain attempt can be enabled automatically. In a controlled environment, such as a corporate intranet, your pages perform better if you use two-tier data access, and if you publish them from a server located in a trusted security zone. This method is the simplest way to provide security against unauthorized access from malicious scripts. Three-tier data access includes a third, remote component between the client and database components. A page that uses three-tier data access to connect to a database is considered to be inherently safe regardless of what Internet Explorer security zone it is published from. These pages do not warn the user about cross-domain data access attempts when authentication settings have been left in the default configuration. See alsoThere are other strategies for maintaining secured data access pages. Both two-tier access and three-tier access are explained in more detail in the Microsoft Office 2000/Visual Basic Programmer’s Guide. |
|
Topic Contents | Previous | Top Friday, March 5, 1999 © 1999 Microsoft Corporation. All rights reserved. Terms of use. | ||
License
|