Securing a Microsoft Access Database (MDB) File

On windows (ASP) hosting account, many account holders are using MS Access for their database needs. The MS Access Database is a single file containing various tables holds data for the hosting account holder. This MDB file (MS Access Database file) should be maintain with proper strategy so no one can steal that database. Here are few tips for MS Access database users that will help to safe their MDB file

1. Add a security password for your database so opening of database only possible by legitimate user
2. In your application (like ASP/dot-net) make sure to use custom error instead of default error by IIS. You may create few custom error pages.
3. If you are opening your database by using connection string in a separate include file, make sure to save that include file with .asp extension. So the IIS will not show the connection string if someone guess include file name. You should also keep such files in a separate folder; instead of root folder of your application.
4. You may rename your MDB file to some other extension file like .dat or .bak.
5. Store your database file in DATA folder. This folder by default created at root of your website folder beside wwwroot folder. This prevent web user to direct access towards the MDB file
6. The database name should not be simple. Use non-generic and difficult name that cannot be guess easily.
7. As suggested in point number 3, use a separate folder to keep included files in it. But do not use common name for that folder. Common name like “include”, “child” etc. Simply avoid them
8. Hide tables in MS Access Database by using Options menu in MS Access Application.
9. You can encrypt your MDB file so you can prevent a hacker to change data via script. You can read about this encryption at here and here!

This concludes the article. I hope this will help you all. Thank you for your interest.

Looking for quality web hosting? Look no further than Arvixe Web Hosting!

Tags: , , , , , , , , | Posted under ASP .NET 3.5, DotNet/Windows Hosting, Security/Vulnerability | RSS 2.0

Leave a Reply

Your email address will not be published. Required fields are marked *