SQL Server connection security
auntiejack56
I am finally (finally!) changing the habits of a lifetime and no
longer concentrating on building Access FEs that connect to a SQL
Server database within their Windows domain. No, now I have started to
connect to a hosted SQL Server backend via the Internet. Good old
Fasthosts are storing my data, and the dsn-less connection hooks into
it from the FE on the desktop and Robert's your fathers brother.
I am being guided in this (for me) new approach by posts in this
group, and also by a cool presentation posted on the JStreet website
by Armen Stein, a gifted and entertaining speaker who came out to the
Sydney Access Dev Con a couple of years ago, hi Armen.
Using a Front End with connection via the internet means that the user
doesn't have to know the password of the database s/he is connecting
to, as it can be stored in the App.
This presents something of a risk, so:
a) Hide the database window
b) use MDE
c) Turn off Special Keys in the Startup options
d) Turn off AllowByPassKey
e) use SQL Server user with appropriate (low) privileges
What other things should I do? Are linked tables a particular problem,
insofar as the connection remains open and the password is stored
somewhere (I only guess that this is so because the password shows up
in the linked table tooltip in the Database window)?
Any suggestions greatly appreciated,
Ray