Access on the Internet

[Zazie]

I have an Access 2000 database currently used by 8 office staff. I would like
to make the system available to clients on the internet so they can each view
a report of their own job records (and not each other's)

There are many tens of users who will need to view the reports generated by
the Access database.

Ultimately I would like the web users to be able to input data to the system
as well.

Do I need to upgrade to a SQL Svr backend for this scenario?

Any comments greatly appreciated.

 

[Wayne Morgan]

No, SQL is not "needed" to do this. However, to do it properly you will need
to set up ASP pages on the web server that use the Access database as their
data source. The Front Page folks could probably help you better with that.
Trying to connect to the Access database as a front-end/back-end scenario,
as you would on a local LAN, is not recommended across an Internet
connection.

Another option would be to use remote control software, such as Windows
Terminal Services. But, with the number of users it sounds as if you're
going to want, the ASP pages would probably be better.

 

[Zazie]

Thanks for your comments, Wayne.

I'm most concened about a) security and b) concurrency which is why I
mentioned SQL Server.

I read that Access is likely to struggle with more than a handful of users
when implemented as a backend database for aspx pages.

 

[Alex White MCDBA MCSE]

Well, SQL security is far stronger than Access, the main reason I don't use
Access databases for web applications, is savvy users can grab, (or query)
the Access database unless a lot of steps are performed on the webserver to
stop people finding the Access mdb and pulling it off the webserver. SQL
server is a better way forward for websites based on it's security model,
but for small lookups of data etc, it could be over kill. SQL could also
work out quite expensive as I way forward as with website stuff it does not
use user CAL's but processor CAL's. If security is a valid concern then
several things need to be considered, like never using HTTP but only using
HTTPS, using SQL server, not using HTML pages (because it is plain text),
only using aspx pages due to the compiled nature of the resulting pages.

I have read some posts on the subject of using Terminal Services to solves
some of the problems, well a couple of things firstly the Terminal Services
that comes with Windows 2000 Server/Windows 2003 Server is for
Administration, 2 concurrent users max at any time, to 'upgrade' to full
Terminal Services can work out expensive, and never expose the Terminal
Services port to the open internet only connect through a VPN first.

If security is your main valid concern, then

SQL Server, or MSDE (for small volumes of users/data)
ASP.NET either 1.1 or almost released version 2
A certificate so that is all runs under HTTPS
All your code using parameters not using dynamic SQL statements.
Some form of statefull firewall.