By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,510 Members | 1,504 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,510 IT Pros & Developers. It's quick & easy.

Write-only Access to Database on Network Drive?

P: 63
Is it possible to set the file permissions on an Access 2007 database file stored on a Windows file server to allow users to only write data TO an Access database, but not allow them to open the database file or read data from it?

I'm trying to find a mechanism to capture usage data from users who are using a local web application, but I don't want those users to be able to access the data.

The mechanism uses ActiveX objects in Javascript to write data to the database file, but I cannot figure out how to prevent users from reading from the file or opening it.

Or is this kind of thing only possible using a database server, like SQL Server?

Thanks in advance for any help you can provide.
Dec 14 '11 #1

✓ answered by Rabbit

You would create an Access Object and from there you have can do pretty much anything that you can do when you open Access manually.
So instead of new ActiveXObject("ADODB.Connection"), use new ActiveXObject("Access.Application").

Share this Question
Share on Google+
10 Replies


pod
100+
P: 298
pod
This is what I do, my website is on an IIS webserver on one of my dev computers.
If you are using the same, ...

try settings the security of the network folder where the database resides to allow only a few authorized users (yourself and network administrators perhaps)

then set your webserver's website "Directory Security" tab, "Anonymous access and authentication control" properties to use one of these authorized accounts to access the data.

It might not be the best method or the only one but it works for me.



P:oD
Dec 15 '11 #2

NeoPa
Expert Mod 15k+
P: 31,186
I don't believe Access will work with anything less than full access permissions available (At the file level at least). It may be that one could get around this in the way suggested by POD using IIS security, but I know little of that. If not, then I would at least ensure the project is coded to allow only reading of the data.
Dec 15 '11 #3

Rabbit
Expert Mod 10K+
P: 12,316
You can't prevent them from opening or reading data. But you can encrypt the data you insert into the database. Just make sure to use an mde version of the database so they can't get the key from the code. At least not easily anyways.
Dec 15 '11 #4

P: 63
Rabbit, could you expand on that, please? Do you mean simply encrypting the Access database file with a password?

If so, how do you allow the ActiveX ADO object in the local web application to access the database without supplying the password in the connection string (which is easily viewable)?
Dec 15 '11 #5

Rabbit
Expert Mod 10K+
P: 12,316
I don't mean the built in encryption. I mean implementing your own encryption in code and inserting all data by first running it through that function.
Dec 15 '11 #6

P: 63
I see.
The function for encrypting the data would be in the javascript code in the web application, right? There's no way to have VBA Functions in the database file run unless the file is open, is there?

In your comment below you said to use an MDE (or ACCDE for 2007+) version of the database so the user couldn't get the key. But if the encryption function is in the front-end application, wouldn't a user be able to view the source and determine the key that way?


Never done encryption before, so any suggestions on that would be much appreciated.
Dec 15 '11 #7

Rabbit
Expert Mod 10K+
P: 12,316
No, not in the front-end, because as you say, they can just see the encryption key in the code. It would have to open the database so it can run it through the compiled VBA in the database so the encryption key is at least in an unreadable format.
Dec 15 '11 #8

P: 63
Rabbit, you have been immensely helpful and I don't want to take much more of your time, but could you point me in the right direction of how to open the database to execute the compiled code using javascript?

This is an example of the Javascript code in the front-end I'm using to insert the data into the database now:
Expand|Select|Wrap|Line Numbers
  1. function AddToDB() {
  2. objConn = new ActiveXObject("ADODB.Connection");
  3. conn_String = "Provider=Microsoft.ACE.OLEDB.12.0; Data Source=" + dbPath;
  4. sqlStr = "INSERT INTO TableName VALUES (" + var1 + ")";
  5. objConn.Open(conn_String);
  6. objConn.Execute(sqlStr);
  7. objConn.Close();
  8. }
Thanks in advance.
Dec 15 '11 #9

Rabbit
Expert Mod 10K+
P: 12,316
You would create an Access Object and from there you have can do pretty much anything that you can do when you open Access manually.
So instead of new ActiveXObject("ADODB.Connection"), use new ActiveXObject("Access.Application").
Dec 20 '11 #10

P: 63
Thank you, Rabbit! I will try that.
Dec 20 '11 #11

Post your reply

Sign in to post your reply or Sign up for a free account.