I have created a Windows Application in Vb.Net using MS Access 2007 database. I want it to be secured in such a way that the user who uses the application must not be able to see its content or access it. Protecting the file with password isn't a secure way.
Need help to secure and protect the MS Access database.
You said that protecting the file with password is not a secure way. Why? If that's not the secured way for you, you can encrypt all your records using some sort of algorithms. You can also hide the database file on the other directory (not on the same location as you EXE file).
Related
A web application written in java produces links to MS Word docx documents in in WebDAV repository on a Debian Linux server. Clicking on one of these links opens MS Word and a form is shown to put in authentication information. Then the document is opend and can be edited and saved.
Clicking on a link for the next time, one has to go through the whole process of autheticating (fill in the form) again.
Choosing 'Remember me' did not work. They write, the form should then be prefilled, but it isn't.
I want to get rid of this. Most tipps describe that this would be a problem with Basic Auth or Digest Auth and when using Kerberos it could be solved.
After installing Kerberos MIT on this server, I am able to authentication like before, but the problem still exists.
Does anyone have a hint or a solution for this?
Is there a configuration for MS Word/MS Office Upload center one has to go through?
Does one have to place any cretentials on the client?
...?
Configuration
Server version: Apache/2.4.38 (Debian)
MS Word 2013
After struggling many hours I get the Office login form pre filled now.
The solution was to delete all Generic Credetials in Windows Credentials which contain MicrosoftOffice and SSO_POP_Device and the credetial for the our server.
After that I established our server as network drive, which has the sideeffect that my credetials are stored in Windows Credentials, which leads to pre fill the login form.
But the problem that single sign on is not working still exists.
I am attempting to set up an IIS 6.0 application running on Windows Server 2003 to use impersonation in order to avoid having to give users direct read/write access to the shared folders where the DB and web pages are stored. Can anyone provide me with details of how this can be set up to work in conjunction with Windows Integrated Authentication?
So far, I can tell that the web.config file (not sure whether it's the correct one) has the two lines mentioned on this thread (Impersonation in IIS 7.0) to allow impersonation and use the Windows logon method. However, users are still prompted for a logon and then told they are not authorized to view web pages. They can view pages if we turn anonymous logon "on", but then their user credentials aren't passed on to the site and therefore they can't access most of it.
I'm fairly inexperienced, so I'm a bit lost here. Thank you very much in advance for the help!
Thanks to intervention from Microsoft (definitely worth the flat fee they charge per incident), we were able to identify the problem. Instead of using the network path to identify the website location on the "Home Directory" tab of the IIS properties, we were using the local drive path. That was all that needed to be changed.
Once we switched to the network path and added a dedicated service account to "Connect As...", impersonation started working right away. Users pass their logged on credentials via integrated authentication (no logon required) and the service account takes care of executing their actions on the database file.
Access to the shared folder is limited to a brief list of administrators, and data access on the web application is limited based on user names.
If anyone is stuck with this and needs help, let me know!
I am running a file upload process to upload files to a db. The web server and the SQL server are different machines. I am attempting to use an SQL OPENROWSET to upload an excel file, but I cannot determine how to get the file onto the other machine. Is there a way to set up a shared drive that the web server can save a file to and the SQL server can access? We have a local network set up with Active Directory.
For Example:
WebServer - Shared drive on web server under C:/inetpub/webpage/fileImport
SQLServer - Will log in with sql auth using USERID and PASSWD. Needs to access webserver shared drive.
What user do I share the drive on web server with so that the sql auth user will be able to access it when I run the OPENROWSET?
Any help will be much appreciated.
I am also trying the same thing by uploading the file in FTP and trying to access it. But i didn't get any progress from last 2 weeks.
And i had found may other alternatives like coping the files in another server and share the folder with out user name & password. then we can able to access it by giving the
\\folder\filename
If u get any other alternative plz share...
You should setup a new user that has access to the user group iis_users, and then give them security access to the file drive itself.
The same should be done to the DB server, and on the drive folder security the other user will need read/write/Modify permissions.
So it will look like:
(WebHost) ---- (Shared) ---- (DBHost)
*-------*
Well, you would setup the folder on the SQLServer.
Create a secure user on the SQL machine.
Make the folder shared (with modify rights for the secure user)
Map the Network drive on the Windows machine, using the secure user to access it.
Your main user on the SQLServer should then be able to openrowset from the local folder, whilst the IIS Server is remotely accessing it.
Using the OPENROWSET means that SQL qill access files using the service account. This account must be used to access share drive, as stated here Using SQL Credential to Open a file with OpenRowSet.
I wish to ship SQL server database file with my application. I am very very new to SQL.
1) I do not know how to protect this file from being opened.
2) If this file is emailed, can anybody read it?
3) Is there any possibility of protecting it like Access database is password protected so even emailed, no one can open it.
Thanks
Furqan
Regular SQL Server database files (.mdf, .ldf) aren't intended to be shipped with your application and installed locally - they are intended to be used on a SQL Server instance, running in a secure environment where typical users don't have physical access to the files per se.
As such, .mdf/.ldf files cannot really be protected by a password or anything like that - you can define users and their permissions, but that only applies to the permissions inside the database - not the database file(s) itself.
For your scenario, I guess you'd be better off with SQL Server Compact Edition - an in-process (just a bunch of DLL's), one-file-for-your-entire-database (*.sdf) kind of database - much more closely an Access replacement than the full-fledged SQL Server.
The documentation clearly states:
SQL Server Compact Edition was
designed from the beginning assuming
the user had access to the physical
file. Without an additional security
mechanism, the user could bypass your
application and use tools such as
MSQuery to view and edit the raw data.
SQL Server Compact Edition supports
the ability to password protect and
encrypt the data file, thereby
limiting access to your application
which embeds the password. The
password protection of the database
file adds a layer of protection that
travels with the file, making it
harder to access the data in the event
a rogue user obtains the file.
Read more about SQL Server Compact 3.5 and you might also want to check out the SQL Server Compact blog which discusses the latest developments (SQL Server Compact 4.0 is in testing right now).
1) Assign a username and password to through SSMS or Enterprise Manager
2) No, because of [1]
3) Yes, because of [1]
Just to be doubly sure: take the database offline, zip encrypt .mdf file, and send it
If you ship it - than someone on the other end need to open and install it.
You can protect the file using zip software with password, and tell it to the other party on the phone.
1) Even if you protect it before it is added to the SQL server the user will be able to get into the database once it is loaded and running on the server.
2) Possible, but why would you want to email a database file?
3) When you email it you can add it to an archive with password, like a password protected zip file.
I have this problem, I can create a setup for my app/database but everyone can open the backend file which is an MS Access database. I want it so we can only access the database using the frontend app. Please help me ...
You will need to create a separate front end app that accesses the database, and keep the database file somewhere secure where direct access to it is limited/restricted. You should also password-protect the file in case someone does manage to get it See tip #10 here: https://web.archive.org/web/1/http://blogs.techrepublic%2ecom%2ecom/10things/?p=552 for info about password protection (though you might find the other tips useful as well).
Whatever you do, don't rely on Access password protection. It can be cracked in minutes by tools freely available on the internet.
I would get Garry Robinson's book Real World Microsoft Access Database Protection and Security
It is the most comprehensive guide to securing an Access database that there is.
A first step, however, would be to put the backend file in a restricted folder.