Banana said:
David said:
Access connecting to a SQLServer DB on a server running IIS doesn't
present any [additional] security issues than if the DB is on a dedicated
server and not running IIS. The security issues don't compound simply
because Access is connecting to a DB that's the backend for a website.
However, that should not be taken to presume that the security measures
that would be implemented for a server running IIS would be the same as
those not running IIS or would superceded them. Conceptually, IIS and the
pages that run under it are nothing more than just another front-end just
like Access.
FWIW, I've heard recommendations that database be kept separate from web
server to minimize exposure should the web server be breached. Maybe this
is no longer true, and to be clear, we're in agreement that IIS/ASP.NET
and Access are just two different front-end to the SQL Server, but the
security measures are different and would be even more risky if they were
all on a single server because once a point is breached, the other access
points could then turn into more vectors to breach even deeper into the
infrastructure. If I'm mistaken about this, I'd love to know more.
Isolating the web server from the rest of the network is certainly an
intelligent precaution, but at some point you're going to have to access it
in order to get new pages onto the site, let alone if the Admin needs to
work with anything on the server. Also, there's the practical issue of
working with the data. How do you add records to a products table? How do
you pull orders entered on via the site into whichever DB you use to fulfill
them?
And yes, it increases the vectors, but that's where risk analysis is going
to come into play and that $150,000 you're paying your Network Admin to
secure your data. Unfortunately, my worth isn't because I'm a NetAdmin but
on the Business Analyst side of things. (Kneel before your god, and pay head
to all that he decrees! Thou shalt follow the requirements set forth before
you. Thou shalt not cause, encourage, or support scope creep. Thou shalt
deliver thy product on time, on budget and bug free.) But I would suspect
that it comes down to the rights on the dictories and those granted to the
various roles that are out there. I also seem to recall that virtual
directories tend to be on the riskier side of things, for some reason.
Maybe I'm missing the point, but those doesn't stuck me as something that
Access cannot do. Access certainly can use APIs and with a bit of grease,
interact with web services as well. Indeed, there has been demos of Access
using Google maps for example. Not to say it'd be easy as in ASP.NET
(because I don't know and would not want to presume so).
My perception is that getting at the classes and working with them tends to
be easier. Or at least there's ample documentation out there.
However, if the requirement is that people must be able to use the
application without downloading anything or maybe that it be available on
any platform, then that's a point where rich clients such as Access fall
short.
I wasn't suggesting that, but this is a consideration to put in the mind.
The OP didn't give enough information about the scope of project and what
users would be doing it and the load so I tried to be complete as possible
in highlighting the difference between a rich client and web client.
Network bandwidth happens to be one of traditional bottlenecks for any
data centric applications so depending on the volume of data and users
we're looking at, this can have important ramifications.
The trade off though is that the code operating on the data most likely
doesn't have to deal with network traffic as the DB most likely resides on
the same server, although its entirely possible that it could be a dedicated
web server accessing a dedicated server for the DB.
As they say, 'every dog has its day'. Sometimes it's Access. Sometimes
it's ASP.NET. Sometimes it's entirely something else. It would help OP a
lot to get into the functional requirements then it will become clear
whether it makes more sense to use ASP.NET or Access or heck, just a plain
old Excel spreadsheet for all I know!
That is very valid point- deployment certainly is much easier with ASP.NET
than with any rich clients.
That is true. If you don't mind me asking- how easy is it write custom
scripts? What about number of events available for the controls?
The code is code, not scripts, and is full bodied either (VB.NET or C#.NET)
complete with the ever popular Try...Catch...Finally which VBA lacks. When I
started working with ASP.NET a year ago, the biggest issue was learning the
controls and how to manipulate the HTML that the control rendered. For
example, one type of control renders its contents as a HTML table and I
needed to figure out how to create additional rows and cells as well as
accessing values in the cells. C# is the prefered language for the code
behind, however since I was already familar with VBA, I went with VB.NET and
didn't have any issues with the language. The other issue was remembering
that Javascript and DHTML were still valid approaches to accomplishing
something. I have several instances where the code that runs on the server
handles one part and Javascript handles another part of the task. I even
have code on the server that creates Javascript to run on the client.
The events for the common HTML controls on the page are easy to pick up such
as onclick, onmouseover, onmouseout, onchange, onfocus, etc. The ASP.NET
controls have events which run server-side for which you obviously have to
provide code for - just like Access - although the events are different.
Depending on the control, the events will vary.
Sample code
'This code fires on the _ItemDataBound event of control that displays
records in a simple list. This specific code causes the rows to appear with
alternating styles white/light blue. When the mouse moves over a row, its
highlighted in blue. You could use the same technique to apply a unique
color scheme to each row of data similar to FormatConditions, but with
*much* greater control over the conditions and the styles. You can even
dynamically change the image displayed with the record. For example 'new',
'open', 'close', 'void' images for an issue tracking application.
One of the cool things is that creating a ASP.NET page that pages through
data is *extremely* easy. There's one control that has it as a built-in
feature of the control.
Protected Sub RepeaterSelectEmployee_ItemDataBound(ByVal sender As Object,
ByVal e As System.Web.UI.WebControls.RepeaterItemEventArgs)
Dim ItemCssStyle = "SelectEmployeeRow"
If e.Item.ItemType = ListItemType.Item Or e.Item.ItemType =
ListItemType.AlternatingItem Then
If e.Item.ItemType = ListItemType.AlternatingItem Then
ItemCssStyle = "SelectEmployeeAlternatingRow"
End If
Dim RepeaterDetail As HtmlTable =
CType(e.Item.FindControl("RepeaterDetailSelectEmployee"), HtmlTable)
'Using this.className directly greatly improves the response time of turning
on or off the highlighting as .getElementById
'has to search through each element on a page, the performance drops as the
number of records on the page increases
RepeaterDetail.Attributes.Add("onmouseover",
"this.className='SelectEmployeeRowHighlight';")
RepeaterDetail.Attributes.Add("onmouseout", "this.className='" &
ItemCssStyle & "';")
Dim LinkButtonAddDelegate As LinkButton =
CType(e.Item.FindControl("LinkButtonAddDelegate"), LinkButton)
RepeaterDetail.Attributes.Add("onclick",
Page.ClientScript.GetPostBackClientHyperlink(LinkButtonAddDelegate, ""))
End If
End Sub
RepeaterDetail.Attributes.Add causes the HTML element to be rendered with
event handlers as in
<table onmouseover="this.className='SelectEmployeeRowHighlight'"
onmouseout="this.className='SelectEmployeeAlternatingRow'">
