Controlling Database Access

You can use a variety of techniques to effectively restrict access to your database files. These techniques can range from configuring your database software's security features to setting Windows NT File System (NTFS) permissions for database files. This topic outlines basic guidelines for effectively restricting access to your Web server's database files.

To control database access
  1. Configure your database software's security features when creating database files. Depending on the security features provided by your database software, you can control user access to database files with a high degree of granularity. For example, with Microsoft SQL Server security features, you can control how users access a particular database file, including how those users access specific tables, records, and fields. For more information, consult your database software documentation.
  2. Secure database files and directories stored on your Web server by setting appropriate NTFS permissions. Make sure that trusted users who need to update database files have appropriate permissions. For more information, see Setting Access Permissions for a Directory or File.
  3. Secure your file-based Data Source Name (DSN), which can contain user IDs and passwords, with appropriate NTFS permissions.
  4. Secure .asp files containing scripts that pass user name and password information to databases with appropriate NTFS permissions.
     Tip: Consider converting your ASP database scripts, especially those containing user name and password information, into secure ActiveX server components. For more information, see Creating Components for ASP.

  5. Select an appropriate Web server authentication method for identifying users attempting to access your database. Database user authentication can depend greatly on the protocol used for connecting to a database. For example, if you decide to use the Named Pipes default connection protocol for SQL Server, then authentication of Windows NT account credentials may occur in addition to SQL Server authentication. You should carefully consult your database software documentation for guidelines regarding the integration of disparate authentication methods.
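
The following Python script is an added example, not part of the original Microsoft text. It inventories the file DSNs and .asp scripts under a directory that embed credentials, so you know which files most need the restrictive NTFS permissions described in steps 3 and 4. It assumes the common connection-string key names UID/PWD and User ID/Password; the sample file names and values are constructed.

```python
import re
import tempfile
from pathlib import Path

# Heuristic: connection-string keys that carry credentials (UID/PWD, User ID/Password).
CRED_KEY = re.compile(r"\b(UID|User\s*ID|PWD|Password)\s*=\s*([^;\"'\r\n]*)", re.I)
SCAN_EXTENSIONS = {".dsn", ".asp"}  # file DSNs and ASP scripts, per steps 3 and 4

def find_credentials(text):
    """Return (line_number, key) for each credential key with a non-empty value.
    The values themselves are never returned, so the report is safe to share."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for m in CRED_KEY.finditer(line):
            if m.group(2).strip():
                hits.append((lineno, re.sub(r"\s+", " ", m.group(1)).upper()))
    return hits

def audit_tree(root):
    """Map each .dsn/.asp file under root that embeds credentials to its findings."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        if path.is_file() and path.suffix.lower() in SCAN_EXTENSIONS:
            hits = find_credentials(path.read_text(errors="replace"))
            if hits:
                report[path.relative_to(root).as_posix()] = hits
    return report

def build_sample_tree(root):
    """Write constructed sample files (hypothetical names and values) under root."""
    samples = {
        "data/orders.dsn": "[ODBC]\nDRIVER=SQL Server\nUID=webapp\nPWD=EXAMPLE-ONLY\nDATABASE=orders\n",
        "data/trusted.dsn": "[ODBC]\nDRIVER=SQL Server\nTrusted_Connection=Yes\nDATABASE=orders\n",
        "scripts/report.asp": '<%\nSet conn = Server.CreateObject("ADODB.Connection")\n'
                              'conn.Open "DSN=orders;UID=webapp;PWD=EXAMPLE-ONLY"\n%>\n',
        "scripts/hello.asp": '<% Response.Write "hello" %>\n',
    }
    for rel, body in samples.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for name, hits in audit_tree(tmp).items():
            print(name, hits)
```

Files that appear in the report are the ones whose NTFS permissions should be reviewed first; a DSN that relies on a trusted connection carries no password and is not flagged.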

© 1997 by Microsoft Corporation. All rights reserved.