-
If you would like to post, please check out the MrExcel Message Board FAQ and register here. If you forgot your password, you can reset your password.
Securing the connection string of data access pages
- Thread starter Worsty
- Start date
SydneyGeek
MrExcel MVP
- Joined
- Aug 5, 2003
- Messages
- 12,251
I haven't played with CGI's for a while but as I recall, this is one difference between a GET and a POST command in the code. One shows the string, the other does not. So, using Oracle or SQL Server is unlikely to make a difference here. You need to tackle the CGI statements.
Hope this helps
Denis
Hope this helps
Denis
Upvote
0
SydneyGeek
MrExcel MVP
- Joined
- Aug 5, 2003
- Messages
- 12,251
OK -- when you click a form or button on an HTML page, some code in the form tells the Web server what to do. The processing is handled usually by a script on the server, known as a Computer Gateway Interface script. CGIs usually respond to one of two main commands from a from button -- GET and POST. GET is usually the preferred method, because it's easier to use. I've found a few links that go into more detail than I can muster:
A pretty technical one -- http://www.cs.tut.fi/~jkorpela/forms/methods.html
And a more succint one detailing why you should sometimes use POST instead of GET (ie privacy -- your issue here) -- http://inconnu.isu.edu/~ink/perl_cgi/lesson2/get_post.html
Hope that helps
Denis
A pretty technical one -- http://www.cs.tut.fi/~jkorpela/forms/methods.html
And a more succint one detailing why you should sometimes use POST instead of GET (ie privacy -- your issue here) -- http://inconnu.isu.edu/~ink/perl_cgi/lesson2/get_post.html
Hope that helps
Denis
Upvote
0
SydneyGeek
MrExcel MVP
- Joined
- Aug 5, 2003
- Messages
- 12,251
OK -- let's take a couple of steps back.
What version of Access do you use? 2000 can do Data Access pages, but XP and 2003 are better.
Because Microsoft likes to work with MS products, you'll most likely find that DAPs work more easily with SQL than Oracle.
Have you built any Data Access Pages yet? I've gone over a few screen shots in a book and I don't see any connection strings. If you have seen them, are they in teh URL bar or elsewhere?
Finally, the resource I just looked up (Access 2002 Inside Out -- Helen Feddema, ISBN 0-7356-1283-8) says that many ISPs don't allow you to publish DAPs to web site that they host. Your mileage may vary on this one, but it's worth checking out.
Sorry if my earlier comments misled you. I wasn't in front of a machine with Access at the time.
Denis
What version of Access do you use? 2000 can do Data Access pages, but XP and 2003 are better.
Because Microsoft likes to work with MS products, you'll most likely find that DAPs work more easily with SQL than Oracle.
Have you built any Data Access Pages yet? I've gone over a few screen shots in a book and I don't see any connection strings. If you have seen them, are they in teh URL bar or elsewhere?
Finally, the resource I just looked up (Access 2002 Inside Out -- Helen Feddema, ISBN 0-7356-1283-8) says that many ISPs don't allow you to publish DAPs to web site that they host. Your mileage may vary on this one, but it's worth checking out.
Sorry if my earlier comments misled you. I wasn't in front of a machine with Access at the time.
Denis
Upvote
0
Thanks for your notes. Actually, we have created several DAP's in Access 2000, but the issue we've been running into is that once the .htm page is created, if you right click the page you can view the connection string in the source threfore allowing anyone to get back to the database.
Upvote
0
SydneyGeek
MrExcel MVP
- Joined
- Aug 5, 2003
- Messages
- 12,251
I know it's possible to prevent people right-clicking pages that you create yourself -- it's a bit of Javascript -- but I'm not sure if it can be incorporated easily into a DAP.
Denis
Denis
Upvote
0
Similar threads
- Question
