Best Practices for Preventing Unauthorized Access to SQL Server in Access Applications

G

gregbowers

New member
Local time
Tomorrow, 00:04
Joined
Jan 23, 2024
Messages
7
Hello

I'm seeking advice on implementing best practices for preventing unauthorized access to a SQL Server database within Access applications. Here's the scenario:

Background:

  • We have an Access application that connects to a SQL Server database backend.
  • Users authenticate through the Access application using their own credentials.
  • We want to restrict access to the SQL Server database to only authorized users, preventing unauthorized access via other means.
Questions:

  1. What are the recommended methods for ensuring that only authorized users can access the SQL Server database?
  2. Is it possible to implement user-level security within SQL Server to control access at a granular level?
  3. Are there any specific security features or settings in Access or SQL Server that we should be aware of and utilize?
  4. How can we monitor and audit access to the SQL Server database to detect any unauthorized attempts or activity?
  5. Are there any common pitfalls or mistakes to avoid when implementing security measures in Access applications with SQL Server backends?
Any insights, tips, or best practices from your experiences would be greatly appreciated.

Thank you in advance for your assistance!
 
To prevent unauthorized usage of SQL Server from outside of your application, your app needs to use credentials unknown to the user. Simply passing through the credentials used to log in to your application or using Windows authentication leaves an actual security gap.

I'm sure there are multiple options but one that I've used is to use the user's Network login as the login ID but have the Access application generate a password known only to the Access app and the process used by the DBA to create new users. This is of course, more work for the DBA because he needs to be involved as each new user is added. You don't want to actually store the passwords in your app because that also leaves a vulnerability so I created a small app that used information based on the user's HD, Motherboard, and his Network ID. The DBA used the app to generate the password when he created the account and my app used the logic when logging in.
 
You must log in or register to reply here.

Similar threads

E
Best Practices for User Access Control in Access Databases - Emmanuel Katto Uganda
Replies
3
Views
225
Pat Hartman
P
G
Recommendation for MS Access Admin Database for SQL Server User Management
Replies
3
Views
155
GPGeorge
GPGeorge
Kayleigh
Performance Issues
Replies
4
Views
411
Kayleigh
Kayleigh
D
Preventing System Admins From Accessing Database
2
Replies
32
Views
1,439
DalynSoft
D
S
Solved Managing SQL Server Logins in MS Access Frontend
Replies
19
Views
647
AHeyne
A

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)
Back
Top Bottom