Security Recommendations for MS Access Database

Last Updated: May 16, 2014 12:22PM EDT

Stores Using a MS Database

MS Access databases are inherently less secure because an Access database, unlike an MS SQL database, can be downloaded just like any other file if its location is known. Therefore, you should take the following precautions to ensure the location of your store database cannot be easily guessed.
  • Change Database Location and the Database Name- Your store database is located in the database subfolder of productcart. You should rename the folder or move the database to another folder on your Web server, as long as that folder has write/read permissions. You should also rename the database to any other name. After you change the folder name or move the database to a new location, and rename it, remember to edit the DSN or DSN-less database connection string. To do so, either run the ProductCart activation form again, or manually edit the database connection string in the includes/storeconstants.asp file. Also, for added security, make sure that the folder that holds the database cannot be accessed by a browser (ask your Web hosting company how to disable HTTP access to the folder).
  • Password-protect the Store Database- You can password-protect the Microsoft® Access database that powers your online store. To do so, first download the database to your local machine. Then, launch Access and select File/Open. Locate the file that you just downloaded and open it using the Open Exclusive option. You can select the Open Exclusive option from the Open drop-down located in the bottom right corner of the Open File window (Access 2002). Once the database is open, select Tools/Security/Set Database Password. Enter a password, confirm it and click OK.
Upload the database back to your Web server. The database will now require a password before being opened or accessed by any application. This is true for ProductCart too. Therefore, you will need to modify the DSN or DSN-less connection to include the password information. You may easily do so by editing a file called storeconstants.asp located in the productcart/includes folder.

For example, if you are using a DSN connection

If you are using a DSN-less connection, the first string below (no password) changes to the second (with the PWD parameter added):
"DRIVER={Microsoft Access Driver (*.mdb)};DBQ=c:\yourdatabase.mdb"
"DRIVER={Microsoft Access Driver (*.mdb)};DBQ=c:\anydatabase.mdb;PWD=password"

  • Regularly Back-Up Your Database- Your store database contains all the information that is visible and used on your online store: product information, order details, customer information, etc. Because strange things happen even to the most reliable Web hosting providers, make sure that you keep a back-up copy of your store database in a location other than your Web server. You should back up the database regularly.
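The first two precautions can be checked against the DSN-less connection string you put in storeconstants.asp. The script below is an added example, not ProductCart code: it parses such a string and reports whether the database still sits under the web root, still uses the productcart\database folder, or has no PWD set. The web root, both sample paths and the function names are assumptions made for illustration.

```python
import ntpath

def parse_conn(conn):
    """Split a DSN-less connection string into an upper-cased key -> value dict."""
    fields = {}
    for part in conn.strip().strip('"\u201c\u201d').split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            fields[key.strip().upper()] = value.strip()
    return fields

def audit(conn, web_root):
    """Return findings for one connection string; an empty list means no issue found."""
    fields = parse_conn(conn)
    dbq = fields.get("DBQ")
    if not dbq:
        return ["no DBQ field: not a DSN-less Access connection string"]
    # normpath collapses "..", normcase lower-cases and unifies slashes (Windows rules).
    path = ntpath.normcase(ntpath.normpath(dbq))
    root = ntpath.normcase(ntpath.normpath(web_root)).rstrip("\\") + "\\"
    findings = []
    if path.startswith(root):
        findings.append("under web root: confirm HTTP access to the folder is disabled")
    parts = path.split("\\")
    if ("productcart", "database") in zip(parts, parts[1:]):
        findings.append("still in the default productcart\\database folder")
    if not fields.get("PWD"):
        findings.append("no PWD: database opens without a password")
    return findings

# Constructed sample values; WEB_ROOT and both paths are assumptions, not from the page.
WEB_ROOT = r"c:\inetpub\wwwroot"
DEFAULT = r"DRIVER={Microsoft Access Driver (*.mdb)};DBQ=c:\inetpub\wwwroot\productcart\database\store.mdb"
HARDENED = r"DRIVER={Microsoft Access Driver (*.mdb)};DBQ=d:\data\k3x9\q7.mdb;PWD=example-only"

if __name__ == "__main__":
    for label, conn in (("default", DEFAULT), ("hardened", HARDENED)):
        print(label, audit(conn, WEB_ROOT) or "no findings")
```

A database that stays under the web root is only flagged for follow-up, because the folder may already have HTTP access disabled by the hosting company.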