Using Security Features in Access

Security Issues for Data Access Pages

A data access page is the combination of a shortcut stored in the Microsoft Access database (MDB file) or Microsoft Access project (ADP file) and a corresponding HTML file located in your computer’s file system.

Data access pages present security concerns in three areas:

• Security for the links to data access pages stored in the Pages object list in the Database window in an Access database or Access project
• Security for data access page files themselves
• Control over access to the database that a data access page is connected to

Security for data access page links

Access doesn’t provide user-level security for the links to data access pages stored in the Pages object list in the Database window. When an Access database or Access project is opened with write access to the file, users can add, delete, or rename the links stored in the Pages object list in the Database window.

For this reason, the only way to prevent users from making changes to data access page links is to make the MDB or ADP file read-only. You can do this by using file-system access control (such as setting the read-only attribute) or by putting the file on a read-only network share.

Top

Security for data access page files

Data access pages are HTML pages that contain <OBJECT> tag references to the Microsoft Office Data Source control and other Microsoft Office Web Components, as well as Extensible Markup Language (XML) and script. Data access pages are stored as files with the file name extension .htm either in the local file system, in a folder on a network share, or on an HTTP server. For this reason, Access has no control over the security of data access page files.

To secure a data access page file that is stored on a local or network file system, you must use the file access security available for your operating system. To secure data access page files that are stored on an HTTP server, you must use the security features available on the server itself. For example, if you are using Microsoft Internet Information Server (IIS), you can use the Internet Service Manager or FrontPage Server Administrator to control security settings for files stored on the server.

Top

Controlling database access from data access pages

There are three primary concerns regarding securing access to a database from a data access page:

• Preventing unauthorized users from opening the database at all
• Controlling the level of access after a database is open
• Preventing malicious scripts from using the user’s identity to gain access to other databases

For Access databases, there is the additional concern of controlling access to the Microsoft Access database (MDB file) through the file system.

Preventing unauthorized access to the database

You need to prevent unauthorized users from gaining access to the database, and you need to control the level of access after a user has logged on. If the database is protected with user-level security and you want to enable user-level security through a page, make sure that the connection information for a page specifies the correct workgroup information file and that this file is in a public network share accessible to all users.

To specify the workgroup information file to use

1. Start Access, and open the data access page that you want to work with in Design view.
2. On the View menu, click Field List, and then click the Database tab.
3. Right-click the database name, and click Connection.
4. Click the All tab, and double-click Jet OLEDB:System database.
5. In the Property Value box, specify the path to the correct workgroup information file.

   In most cases, this is a UNC path (\\ServerName\ShareName) to the file on a network share.

6. Save your changes to the data access page.

You can also author a data access page against an Access database that is secured with a database password. However, a database password provides control only over who can open the database and requires that all users know a single password to open the database.

By default, a database password isn’t saved with a data access page, so users are prompted to enter the database password when opening the page. (Similarly, if a database password is set for the database after you author the page, users of your page are prompted to enter the password before they can use the page.)

If you don’t want to prompt users for the database password, you can embed the password in the page; however, the password is saved in an unencrypted format in the HTML code of the page itself, which makes the password easy to be discovered.

To save the database password with a data access page

1. Start Access, and open the data access page that you want to work with in Design view.
2. On the View menu, click Field List, and then click the Database tab.
3. Right-click the database name, and click Connection.
4. Under Enter information to log on to the server, select the Allow saving of password check box.
5. Save your changes to the data access page.

Controlling the level of access to the database

To control the level of access after an Access database is opened from a data access page, you can use one of the following methods after establishing user-level security for the database:

• Define a user account that has the appropriate level of access you want to allow for any user of the data access page.

  Use the Data Link Properties dialog box to save this account name and password in the data access page connection information. Be sure to put the correct workgroup information file in a shared location and specify the path to the file in the Data Link Properties dialog box.

• Define the appropriate groups and access levels that you want to allow for users of the data access page.

  Create user account names and passwords to distribute to authorized users of the data access page, and assign those users to the appropriate groups. Use the Data Link Properties dialog box to prevent the password from being saved in the data access page connection information.

Important   Depending on the data access method that you choose for the data access page, where the database is located on the network relative to the IIS server used to publish the page, and how authentication is defined on the IIS server, you might not be able to control the level of access for individual users. That is, you might be able to control access based only on a single account used for all users who open the page.

Preventing unauthorized access from malicious scripts

A data access page uses the Microsoft Office Data Source control (MSODSC) to connect to its data source. When a data access page is open in Microsoft Internet Explorer or in an HTML-capable mail reader that uses Internet Explorer browsing components, such as Microsoft Outlook 98 or Outlook 2000, the MSODSC on the page is using the identity of the user to log on to the database.

A malicious user could exploit this fact to use script running against the MSODSC to gain access to databases on servers other than the one from which the page was downloaded. Attempts to use the MSODSC to access databases on servers other than the one the page originated from are referred to as cross-domain data access.

The mode of data access used by the MSODSC determines whether a data access page is considered inherently safe, or if cross-domain data access is possible from the page. The MSODSC can be configured to use one of two modes of data access: two-tier data access or three-tier data access.

In a two-tier data access mode, the client (first tier) makes a direct connection to the database server (second tier). Any page that uses two-tier data access is considered by Internet Explorer to be making a cross-domain access attempt. Depending on the security settings in Internet Explorer, when a user opens a page by using two-tier data access, one of three things occurs:

• The page is automatically disabled.
• The user is asked whether to allow data access.
• The page is automatically enabled.

Internet Explorer security settings also define different security zones. If a page is on a Web server in a trusted zone, the cross-domain attempt can be enabled automatically. In a controlled environment, such as a corporate intranet, your pages perform better if you use two-tier data access, and if you publish them from a server located in a trusted security zone. This method is the simplest way to provide security against unauthorized access from malicious scripts.

Three-tier data access includes a third, remote component between the client and database components. A page that uses three-tier data access to connect to a database is considered to be inherently safe regardless of what Internet Explorer security zone it is published from. These pages do not warn the user about cross-domain data access attempts when authentication settings have been left in the default configuration.

Top

See also

There are other strategies for maintaining secured data access pages. Both two-tier access and three-tier access are explained in more detail in the Microsoft Office 2000/Visual Basic Programmer’s Guide.